This page provides information on writing secure and reliable software in Go.
Go Security Policy
The Go Security Policy explains how to report security issues in the Go standard library and sub-repositories to the Go team.
Go Security Releases
The Go Release History includes release notes for past security problems. Per the release policy, we issue security fixes to the two most recent major releases of Go.
Go Vulnerability Management
Go’s vulnerability management support helps developers find known public vulnerabilities that may affect their Go projects.
Go native fuzzing provides a type of automated testing which continuously manipulates inputs to a program to find bugs.
Go supports fuzzing in its standard toolchain beginning in Go 1.18. Native Go fuzz tests are supported by OSS-Fuzz. Try out the tutorial for fuzzing with Go.
The Go cryptography libraries are the crypto/… and golang.org/x/crypto/… packages in the Go standard library and subrepos, and developed following these principles.