Security is core to our values, and we value the input of hackers acting in good faith to help us maintain a high standard for the security and privacy for our users. This includes encouraging responsible vulnerability research and disclosure. This code repository and the entirety of the *.move.mil ecosystem falls under the Department of Defense Vulnerability Disclosure Policy, the full text of which you can find here along with a link to the consolidated Dept of Defense portal to disclose vulnerabilities found: HackerOne for DoD
In general, this policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.