Hey folks,

Since we're going to be using dnsjava in VeraId, I'm planning to request an independent security audit of your DNSSEC implementation, but I have a few questions I was hoping you could answer:

• Has there been any independent assessment of the DNSSEC implementation and, if so, is the report public? I couldn't find any reference to security audits but I wanted to double check.
• Would you be happy to engage directly with the team conducting the audit? It's unclear at this point whether this would be necessary or ideal. The alternative is to communicate the findings to me, and I'll pass them on to you.
• What's the best way to report security vulnerabilities? Assuming they find any and I'm the "liaison".

Thanks!