dytr / SECURITY.md
alsubari's picture
Sync from GitHub via hub-sync
9981d07 verified
|
Raw
History Blame Contribute Delete
2.43 kB

Security Policy

Supported Versions

Currently supported versions with security updates:

Version Supported
0.1.x ✅ Yes
< 0.1 ❌ No

Reporting a Vulnerability

How to Report

DO NOT create public GitHub issues for security vulnerabilities.

Please report security vulnerabilities by email to:

📧 akram.alsubari@outlook.com

📧 akram.alsubari87@gmail.com (alternative)

What to Include

When reporting a vulnerability, please include:

  • Description of the vulnerability
  • Steps to reproduce (code examples if possible)
  • Affected versions
  • Potential impact
  • Any suggested fixes (optional)

What to Expect

Step Timeline Description
1 Within 48 hours Acknowledgment of receipt
2 Within 5-7 days Initial assessment and confirmation
3 Within 14 days Fix development or mitigation plan
4 Within 30 days Release of security update

Vulnerability Acceptance

If the vulnerability is accepted:

  • You will receive credit in the release notes (unless you prefer to remain anonymous)
  • A security advisory will be published
  • A patch will be released for supported versions

Vulnerability Decline

If the vulnerability is declined:

  • You will receive a detailed explanation why
  • The issue may be moved to a public discussion if appropriate
  • No further action will be taken

Security Best Practices for Users

When using dytr:

  1. Keep updated: Always use the latest version
  2. Validate inputs: Sanitize any untrusted input before passing to the model
  3. Use virtual environments: Isolate dytr installations
  4. Review code changes: Check pull requests before merging

Security Updates

Security updates will be released as:

  • Patch versions (0.1.x → 0.1.y) for critical fixes
  • Minor versions (0.x → 0.y) for non-critical fixes

Watch the repository on GitHub to receive security update notifications.

Responsible Disclosure

We follow responsible disclosure practices:

  • Reporters will be acknowledged (unless anonymous)
  • Fixes will be released before public disclosure
  • Coordinated disclosure with reporters

Contact

Security Contact: akram.alsubari@outlook.com

Alternative Contact: akram.alsubari87@gmail.com

Acknowledgment

We thank the security research community for helping keep dytr secure.