If you discover a security vulnerability in Spin, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Email the maintainers directly with:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Any suggested fixes (optional)

Spin is a model checking tool that:

• Parses user-provided ProMeLa specifications
• Generates C code that users compile and run
• May execute system commands for preprocessing

When using Spin:

• Only run Spin on trusted input files
• Review generated verifier code before compilation
• Be cautious with specifications from untrusted sources

Security fixes will be released as patch versions. Check the releases page for updates.