<!--
CO_OP_TRANSLATOR_METADATA:
{
  "original_hash": "4ecc3bf2e27983d4c780be6f26ee6228",
  "translation_date": "2025-08-28T11:12:43+00:00",
  "source_file": "SECURITY.md",
  "language_code": "en"
}
-->
## Security

Microsoft prioritizes the security of its software products and services, including all source code repositories managed through our GitHub organizations, such as [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/?WT.mc_id=academic-77807-sagibbon).

If you believe you have identified a security vulnerability in any Microsoft-owned repository that aligns with [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/previous-versions/tn-archive/cc751383(v=technet.10)/?WT.mc_id=academic-77807-sagibbon), please report it to us as outlined below.

## Reporting Security Issues

**Do not report security vulnerabilities through public GitHub issues.**

Instead, report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report/?WT.mc_id=academic-77807-sagibbon).

If you prefer not to log in, you can send an email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message using our PGP key, which can be downloaded from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc/?WT.mc_id=academic-77807-sagibbon).

You should receive a response within 24 hours. If you do not, please follow up via email to ensure we received your initial message. Additional information is available at [microsoft.com/msrc](https://www.microsoft.com/msrc/?WT.mc_id=academic-77807-sagibbon).

Please include the following information (as much as you can provide) to help us better understand the nature and scope of the potential issue:

  * Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
  * Full paths of the source file(s) related to the issue
  * The location of the affected source code (tag/branch/commit or direct URL)
  * Any special configuration needed to reproduce the issue
  * Step-by-step instructions to reproduce the issue
  * Proof-of-concept or exploit code (if available)
  * Impact of the issue, including how an attacker might exploit it

Providing this information will help us address your report more efficiently.

If you are submitting a report for a bug bounty, more detailed reports may result in a higher bounty award. For more information about our active programs, please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty/?WT.mc_id=academic-77807-sagibbon) page.

## Preferred Languages

We prefer all communications to be in English.

## Policy

Microsoft adheres to the principles of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd/?WT.mc_id=academic-77807-sagibbon).

---

**Disclaimer**:  
This document has been translated using the AI translation service [Co-op Translator](https://github.com/Azure/co-op-translator). While we aim for accuracy, please note that automated translations may include errors or inaccuracies. The original document in its native language should be regarded as the authoritative source. For critical information, professional human translation is advised. We are not responsible for any misunderstandings or misinterpretations resulting from the use of this translation.