Phylum was founded by a team of security researchers at heart, and we take the security of our tooling seriously.
We love coordinated disclosure! Please email security@phylum.io to start a conversation! We'll coordinate a secure communication mechanism first, then evaluate the reported issue(s) and keep you apprised each step of the way.
The project currently uses a zero-based versioning scheme and will continue to do so until it is deemed stable. Until then, only the latest release of the project is supported with security updates. That is, if changes are made for security reasons, a new release containing those changes will be made from the latest commits to the default branch. No long-lived release branches will be created. This policy may change once there are non-zero major version releases.