This page provides information on writing secure and reliable software in Go.
An explanation of how to report security issues in the Go standard library and sub-repositories to the Go team.
Release notes for past security problems. Per the release policy, we issue security fixes to the two most recent major releases of Go.
The main documentation page for the Go vulnerability management system, which helps developers find and fix vulnerabilities in their Go projects.
The main documentation page for Go native fuzzing.
Fuzzing is a type of automated testing which continuously manipulates inputs to a program to find bugs. Go supports fuzzing in its standard toolchain beginning in Go 1.18. Native Go fuzz tests are supported by OSS-Fuzz.
The Go cryptography libraries are the crypto/… and golang.org/x/crypto/… packages in the Go standard library and subrepos, and developed following these principles.