batterymhm / SECURITY.md
williamTLmiller's picture
Make it a full tech repo: packaging, CI, docs, examples, community files
4671c68 verified
|
Raw
History Blame Contribute Delete
1.19 kB
# Security Policy
## Scope
BatteryMHM is a research library for harmonic-feature modeling. It does not
handle credentials, network services, or user data, so its attack surface is
small. Still, we take correctness and supply-chain integrity seriously.
## Supported versions
The latest released version (`1.0.0`) is supported.
## Reporting a vulnerability
If you discover a security issue (for example, a dependency vulnerability, a
deserialization risk in user-supplied data, or a way the library could be made
to execute untrusted code), please **do not open a public issue**. Instead,
report it privately via the Hugging Face model discussion page (mark it as a
security concern) or the repository's private advisory channel.
Please include:
- A description of the issue and its impact
- Steps to reproduce
- Affected version(s) and environment
We aim to acknowledge reports within a few business days and to address
confirmed issues promptly.
## Note on model weights
This repository distributes **no** trained model weights or pickled objects.
If you train your own models, never `pickle.load` weights from an untrusted
source — pickle can execute arbitrary code on load.