| # Security Policy |
|
|
| ## Supported Versions |
|
|
| Currently supported versions with security updates: |
|
|
| | Version | Supported | |
| |---------|-----------| |
| | 0.1.x | β
Yes | |
| | < 0.1 | β No | |
|
|
| ## Reporting a Vulnerability |
|
|
| ### How to Report |
|
|
| **DO NOT** create public GitHub issues for security vulnerabilities. |
|
|
| Please report security vulnerabilities by email to: |
|
|
| π§ **akram.alsubari@outlook.com** |
|
|
| π§ **akram.alsubari87@gmail.com** (alternative) |
|
|
| ### What to Include |
|
|
| When reporting a vulnerability, please include: |
|
|
| - Description of the vulnerability |
| - Steps to reproduce (code examples if possible) |
| - Affected versions |
| - Potential impact |
| - Any suggested fixes (optional) |
|
|
| ### What to Expect |
|
|
| | Step | Timeline | Description | |
| |------|----------|-------------| |
| | 1 | Within 48 hours | Acknowledgment of receipt | |
| | 2 | Within 5-7 days | Initial assessment and confirmation | |
| | 3 | Within 14 days | Fix development or mitigation plan | |
| | 4 | Within 30 days | Release of security update | |
|
|
| ### Vulnerability Acceptance |
|
|
| If the vulnerability is accepted: |
| - You will receive credit in the release notes (unless you prefer to remain anonymous) |
| - A security advisory will be published |
| - A patch will be released for supported versions |
|
|
| ### Vulnerability Decline |
|
|
| If the vulnerability is declined: |
| - You will receive a detailed explanation why |
| - The issue may be moved to a public discussion if appropriate |
| - No further action will be taken |
|
|
| ## Security Best Practices for Users |
|
|
| When using dytr: |
|
|
| 1. **Keep updated**: Always use the latest version |
| 2. **Validate inputs**: Sanitize any untrusted input before passing to the model |
| 3. **Use virtual environments**: Isolate dytr installations |
| 4. **Review code changes**: Check pull requests before merging |
|
|
| ## Security Updates |
|
|
| Security updates will be released as: |
|
|
| - **Patch versions** (0.1.x β 0.1.y) for critical fixes |
| - **Minor versions** (0.x β 0.y) for non-critical fixes |
|
|
| Watch the repository on GitHub to receive security update notifications. |
|
|
| ## Responsible Disclosure |
|
|
| We follow responsible disclosure practices: |
| - Reporters will be acknowledged (unless anonymous) |
| - Fixes will be released before public disclosure |
| - Coordinated disclosure with reporters |
|
|
| ## Contact |
|
|
| **Security Contact:** akram.alsubari@outlook.com |
|
|
|
|
| **Alternative Contact:** akram.alsubari87@gmail.com |
|
|
| ## Acknowledgment |
|
|
| We thank the security research community for helping keep dytr secure. |
|
|