# Security Policy ISC's Security Vulnerability Disclosure Policy is documented in the relevant [ISC Knowledgebase article][1]. ## Reporting possible security issues If you think you may be seeing a potential security vulnerability in BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it immediately by [opening a confidential GitLab issue][2] (preferred) or emailing bind-security@isc.org. Please do not discuss undisclosed security vulnerabilities on any public mailing list. ISC has a long history of handling reported vulnerabilities promptly and effectively and we respect and acknowledge responsible reporters. If you have a crash, you may want to consult the Knowledgebase article entitled ["What to do if your BIND or DHCP server has crashed"][3]. [1]: https://kb.isc.org/docs/aa-00861 [2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug [3]: https://kb.isc.org/docs/aa-00340