The Cirq developers and community take security bugs in Cirq seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Please do not use GitHub issues to report security vulnerabilities; GitHub issues are public, and doing so could allow someone to exploit the information before the problem can be addressed. Instead, please use the GitHub "Report a Vulnerability" interface from the Security tab of the Cirq repository.

Please security bugs in third-party modules to the person or team maintaining the module rather than the Cirq project stewards, unless you believe that some action needs to be taken with Cirq in order to guard against the effects of a security vulnerability in a third-party module.

The project stewards at Google Quantum AI will send a response indicating the next steps in handling your report. After the initial reply to your report, the project stewards will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Please contact the project stewards at Google Quantum AI via email at [email protected] if you have questions or other concerns. If for any reason you are uncomfortable reaching out to the project stewards, please email [email protected].