The Colorado Center for Personalized Medicine - Informatics Operations (CCPM I/O) team and community take security bugs and vulnerabilities seriously. We appreciate your efforts to responsibly disclose and, where necessary, remediate your findings when it comes to security issues.

General security incident procedures for projects found here are managed through the University of Colorado's Office of Information Security incident report process. Please see that the linked materials for more detail on how to proceed.

We also follow a University HIPAA Policy regarding data used by some of our projects. Please use the following special link for HIPAA related security incidents.

Besides the above, we require the following for projects:

• Private keys, passwords, and credentials must never be committed into source control.
• Data checked into source control must not include sensitive or personally identifiable information (PII).