Security

The Grid Protection Alliance (GPA) takes the security of our software products and services seriously. This includes all source code repositories managed through our GitHub organizational sites, specifically: Grid Protection Alliance, Gemstone Libraries, and Streaming Telemetry Transport Protocol.

GPA has adopted the following “definition of security vulnerability” when considering what constitutes a security vulnerability. If you believe you have found a security vulnerability meeting this definition in any GPA-owned repository, please report it to us as described below.

Reporting Security Issues

Please report security vulnerabilities as described below, not through public GitHub issues.

To report a security vulnerability in any GPA-owned open source repository, please send an email to support@gridprotectionalliance.org.

When submitting the security vulnerability report, please include the requested information listed below to help us better understand the nature and scope of the possible issue:

You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.

Preferred Languages

We prefer all communications to be in English.

Policy

The Grid Protection Alliance follows the principle of Coordinated Vulnerability Disclosure.