To report security issues, use GitHub Security Advisories (GHSA) forms such as https://github.com/youki-dev/youki/security/advisories/new .

If you do not have a GitHub account, you may use email to reach out to the Committers directly at cncf-youki-security@lists.cncf.io.

The Committers will try to triage the report and make the first response within 7 days. Releasing a fix may take a longer time, and may need further assistance from the reporter.

If you do not see any response after 7 days, ping the Committers via email at cncf-youki-security@lists.cncf.io.