dytr / SECURITY.md
alsubari's picture
Sync from GitHub via hub-sync
9981d07 verified
|
Raw
History Blame Contribute Delete
2.43 kB
# Security Policy
## Supported Versions
Currently supported versions with security updates:
| Version | Supported |
|---------|-----------|
| 0.1.x | βœ… Yes |
| < 0.1 | ❌ No |
## Reporting a Vulnerability
### How to Report
**DO NOT** create public GitHub issues for security vulnerabilities.
Please report security vulnerabilities by email to:
πŸ“§ **akram.alsubari@outlook.com**
πŸ“§ **akram.alsubari87@gmail.com** (alternative)
### What to Include
When reporting a vulnerability, please include:
- Description of the vulnerability
- Steps to reproduce (code examples if possible)
- Affected versions
- Potential impact
- Any suggested fixes (optional)
### What to Expect
| Step | Timeline | Description |
|------|----------|-------------|
| 1 | Within 48 hours | Acknowledgment of receipt |
| 2 | Within 5-7 days | Initial assessment and confirmation |
| 3 | Within 14 days | Fix development or mitigation plan |
| 4 | Within 30 days | Release of security update |
### Vulnerability Acceptance
If the vulnerability is accepted:
- You will receive credit in the release notes (unless you prefer to remain anonymous)
- A security advisory will be published
- A patch will be released for supported versions
### Vulnerability Decline
If the vulnerability is declined:
- You will receive a detailed explanation why
- The issue may be moved to a public discussion if appropriate
- No further action will be taken
## Security Best Practices for Users
When using dytr:
1. **Keep updated**: Always use the latest version
2. **Validate inputs**: Sanitize any untrusted input before passing to the model
3. **Use virtual environments**: Isolate dytr installations
4. **Review code changes**: Check pull requests before merging
## Security Updates
Security updates will be released as:
- **Patch versions** (0.1.x β†’ 0.1.y) for critical fixes
- **Minor versions** (0.x β†’ 0.y) for non-critical fixes
Watch the repository on GitHub to receive security update notifications.
## Responsible Disclosure
We follow responsible disclosure practices:
- Reporters will be acknowledged (unless anonymous)
- Fixes will be released before public disclosure
- Coordinated disclosure with reporters
## Contact
**Security Contact:** akram.alsubari@outlook.com
**Alternative Contact:** akram.alsubari87@gmail.com
## Acknowledgment
We thank the security research community for helping keep dytr secure.