Please do not report security vulnerabilities through public GitHub issues.

Instead, email security@cloudzero.com with:

• A description of the vulnerability and its potential impact
• Steps to reproduce or a proof-of-concept (if available)
• Any suggested mitigations

We will acknowledge your report within 2 business days and provide a timeline for a fix. We ask that you give us reasonable time to address the issue before any public disclosure.

We provide security fixes for the latest released version of this provider. We recommend always using the latest version.

This policy covers the terraform-provider-cloudzero source code and published binaries. It does not cover the CloudZero SaaS platform itself (report those issues through your CloudZero account support channel).