At Veracode, security is job number one. We consider security in everything we do to ensure the trustworthiness of the tools and services we provide.
We love coordinated disclosure! Please email grc@veracode.com to start a conversation! We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each step of the way.
The project currently uses a zero-based versioning scheme and will continue to do so until it is deemed stable. Until then, only the latest release of the project is supported with security updates. That is, if changes are made for security reasons, a new release containing those changes will be made from the latest commits to the default branch. No long-lived release branches will be created. This policy may change once there are non-zero major version releases.