Most security issues should be reported directly on our issue tracker. Given the early stage of this tool, we encourage clear and public disclosure to help the community stay informed and protected.
Particularly sensitive issues (e.g. those that could lead to arbitrary code execution on the host) should be reported privately to: security@coder.com
Due to the tool's current maturity level, we prefer:
- Early disclosure - Report issues as soon as they're discovered
- Clear communication - Provide detailed reproduction steps and impact assessment
- Public transparency - Use the issue tracker for most reports
As the project matures, we will implement more formal security disclosure processes, including coordinated disclosure timelines and security advisories.