We take the security of its code seriously. If you think you have found a security vulnerability, please read the next sections and follow the instructions to report your finding.

Open source software can be used in various contexts that may go far beyond what it was originally designed and also secured for. Therefore, we describe here how python-smime-email is currently expected to be used in security-sensitive scenarios.

Please DO NOT report any potential security vulnerability via a public channel (mailing list, github issue etc.). Instead, create a report via https://github.com/siemens/python-smime-email/security/advisories/new or contact the maintainers opensource@siemens.com via email directly. Please provide a detailed description of the issue, the steps to reproduce it, the affected versions and, if already available, a proposal for a fix. You should receive a response within 5 working days. If the issue is confirmed as a vulnerability by us, we will open a Security Advisory on Github and give credits for your report if desired. This project follows a 90 day disclosure timeline.