The PAPI team takes security issues in both official PAPI releases (found under Releases on GitHub or through URL http://icl.utk.edu/projects/papi/downloads/papi-X.Y.Z.tar.gz) and in our main development branch (master) extremely serious.

If you have encountered a securty issue in PAPI, please report it by use of GitHub's Report a vulnerability. After submission, a PAPI team member will reach out to acknowledge the report and outline the next steps that will be taken. As the PAPI team member works through resolving your report, you will be continously informed of the progress.

NOTE: Please be attentive to your report as more information may be requested.

If a PAPI team member does not acknowledge your initial report within five business days then escalation is applicable. To escalate, please send an email to ptools-perfapi@icl.utk.edu with a quick summary of the security vulnerability and a direct link to your report.