# Security Policy ## Supported Versions Currently supported versions with security updates: | Version | Supported | |---------|-----------| | 0.1.x | ✅ Yes | | < 0.1 | ❌ No | ## Reporting a Vulnerability ### How to Report **DO NOT** create public GitHub issues for security vulnerabilities. Please report security vulnerabilities by email to: 📧 **akram.alsubari@outlook.com** 📧 **akram.alsubari87@gmail.com** (alternative) ### What to Include When reporting a vulnerability, please include: - Description of the vulnerability - Steps to reproduce (code examples if possible) - Affected versions - Potential impact - Any suggested fixes (optional) ### What to Expect | Step | Timeline | Description | |------|----------|-------------| | 1 | Within 48 hours | Acknowledgment of receipt | | 2 | Within 5-7 days | Initial assessment and confirmation | | 3 | Within 14 days | Fix development or mitigation plan | | 4 | Within 30 days | Release of security update | ### Vulnerability Acceptance If the vulnerability is accepted: - You will receive credit in the release notes (unless you prefer to remain anonymous) - A security advisory will be published - A patch will be released for supported versions ### Vulnerability Decline If the vulnerability is declined: - You will receive a detailed explanation why - The issue may be moved to a public discussion if appropriate - No further action will be taken ## Security Best Practices for Users When using dytr: 1. **Keep updated**: Always use the latest version 2. **Validate inputs**: Sanitize any untrusted input before passing to the model 3. **Use virtual environments**: Isolate dytr installations 4. **Review code changes**: Check pull requests before merging ## Security Updates Security updates will be released as: - **Patch versions** (0.1.x → 0.1.y) for critical fixes - **Minor versions** (0.x → 0.y) for non-critical fixes Watch the repository on GitHub to receive security update notifications. ## Responsible Disclosure We follow responsible disclosure practices: - Reporters will be acknowledged (unless anonymous) - Fixes will be released before public disclosure - Coordinated disclosure with reporters ## Contact **Security Contact:** akram.alsubari@outlook.com **Alternative Contact:** akram.alsubari87@gmail.com ## Acknowledgment We thank the security research community for helping keep dytr secure.