Netlify is committed to transparency and responsible disclosure of vulnerabilities in the packages used by its community. The company's security team will fix and disclose vulnerabilities in a timely manner, with a focus on improving not only Netlify itself but also the broader web. Netlify collaborates with bug bounty researchers and has a public program for reporting vulnerability findings, aiming to make the web a safer place through transparent disclosures. Customers can expect prompt notification within 48 hours if a vulnerability with a critical or high CVE rating is identified, allowing them to take the necessary action to secure their applications.