The New York Times takes security bugs in the NYTimes authored or maintained OSS seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, email [email protected] with security bug title as a subject line and you will get a response indicating the next steps in handing your report.
If you find vulnerabilities in software, libraries or modules used by NYTimes authored or maintained OSS but written by a third-party, please report the vulnerability to the person or team maintaining the code.