The fastly/Viceroy project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via Fastly’s security issue reporting process.
Remediation of security vulnerabilities is prioritized by the project team. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The fastly/Viceroy team announces security issues in release notes as well as Github Security Advisories on a best-effort basis.
Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from Fastly Security Advisories.