SECURITY.md

Security Policy

Supported Versions

AI Verify is presently only supported for its current release version. Please make sure you are on the current version stated below.

Version Supported
0.9.x
0.10.x

Reporting a Vulnerability

Security vulnerabilities are serious issues and will be considered carefully so as to safeguard the integrity and stability of AI Verify. If you find a potential security vulnerability, please do not report it through public platforms such as GitHub issues, discussions, or pull requests. Please instead raise it as a security vulnerability here.

Please include as much of the information listed below as you can to help us better understand and resolve the issue:

  • The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.

The lead maintainer will acknowledge your report within the next working day. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. If the issue is confirmed, we will release a patch as soon as possible depending on complexity. Your efforts to ensure the continuity of the project are greatly appreciated.

Disclosure Policy

When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:

  • Confirm the problem and determine the affected versions.
  • Audit code to find any potential similar problems.
  • Prepare fixes for all releases still under maintenance.