This formally describes our policies on reporting, notification and disclosure of security issues, and provides a detailed explanation of our full security-response process, for reference purposes.