The safety and security of the MtconnectTranspiler.Sinks.ScribanTemplates project, alongside its users, are of utmost importance. We actively encourage the responsible disclosure of any security vulnerabilities that might be discovered within the project. Prompt and effective attention to such vulnerabilities ensures the integrity and reliability of the project.

To report a potential security issue within the MtconnectTranspiler.Sinks.ScribanTemplates repository, please follow these steps:

1. Primary Reporting Channel: We recommend reporting potential security vulnerabilities through the MTConnect Institute's project site at projects.mtconnect.org. Reporting here ensures the issue reaches the appropriate committees directly involved with security concerns.

2. Secondary Reporting Channel: If for any reason the primary channel is inaccessible, or if you haven't received acknowledgment within a reasonable timeframe, you may escalate your report via email to security@projects.mtconnect.org. When reporting, please provide detailed information regarding the vulnerability to aid in the investigation, including how the issue may be exploited.

Upon the submission of a security vulnerability report, you can expect the following process:

• Acknowledgment: Our team is committed to acknowledging received reports promptly. Please understand that the complexity of the issue may affect the time required for an initial response.
• Investigation and Communication: The security team, potentially in collaboration with MTConnect standards committees, will thoroughly investigate the reported issue. Additional information or clarification may be requested from you to aid in the investigation.
• Progress Updates: We aim to keep you informed of the progress made in addressing the reported vulnerability.
• Resolution and Disclosure: Once the issue is resolved, we will communicate the outcome and the measures taken to secure the project. We advocate for maintaining the confidentiality of the vulnerability details until a resolution is in place, at which point a public disclosure may be considered.

To expedite the investigation, your report should include:

• A clear and detailed description of the potential vulnerability.
• Steps to reproduce the issue or a proof-of-concept (PoC), if possible.
• Any relevant URLs or resources that could assist in our investigation.

Your collaboration in responsibly disclosing security findings is invaluable to us. Together, we can ensure the security and reliability of the MtconnectTranspiler.Sinks.ScribanTemplates project, contributing to a safer software ecosystem.