This section describes security practices and procedures for the Dataverse team.
We use a private GitHub issue tracker at https://github.com/IQSS/dataverse-security/issues for security issues.
When drafting the security notice, it might be helpful to look at previous examples.
Gather email addresses from the following sources (these are also described under Ongoing Security of Your Installation in the Installation Guide):
“contact_email” in the public installation spreadsheet
“Other Security Contacts” in the private installation spreadsheet
Once you have the emails, include them as bcc.