Skip to content

Security: quantalogic/qllm

SECURITY.md

Security Policy

Supported Versions

We are committed to providing security updates for the following versions of our project. Please ensure you are using a supported version to receive the latest security patches.

Version Supported
2.1.x
2.0.x
1.9.x
< 1.9

Reporting a Vulnerability

We take the security of our project seriously. If you discover a security vulnerability, please follow these steps to report it:

  1. Do not disclose the vulnerability publicly until it has been addressed by our team.
  2. Email your findings to our security team at raphael.mansuy@quantalogic.app.
  3. Provide as much information as possible, including:
    • A detailed description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact of the vulnerability
    • Any possible mitigations or workarounds

What to Expect

  • We will acknowledge receipt of your vulnerability report within 3 business days.
  • Our security team will investigate and validate the reported vulnerability.
  • We aim to provide an initial assessment within 10 business days.
  • We will keep you informed about the progress of addressing the vulnerability.
  • Once the vulnerability is fixed, we will notify you and discuss the possibility of public disclosure.

Disclosure Policy

  • If the vulnerability is accepted:

    • We will work on a fix and release it as soon as possible.
    • We will credit you (unless you prefer to remain anonymous) in the security advisory.
    • We may offer a bounty or reward, depending on the severity and impact of the vulnerability.
  • If the vulnerability is declined:

    • We will provide a detailed explanation of why it was not accepted.
    • We may still implement improvements based on your report, even if it's not classified as a security vulnerability.

Security Best Practices

To help maintain the security of our project:

  1. Always use the latest supported version.
  2. Enable two-factor authentication (2FA) for your GitHub account.
  3. Regularly update all dependencies to their latest secure versions.
  4. Follow secure coding practices and conduct regular code reviews.
  5. Use strong, unique passwords for all accounts related to the project.

Security Updates

We will announce security updates through the following channels:

  • GitHub Security Advisories
  • Our official Twitter account: @QLLMSecurity
  • Email notifications to registered users (ensure your email is up to date in your account settings)

Responsible Disclosure

We kindly ask security researchers and users to practice responsible disclosure:

  • Allow us reasonable time to address the vulnerability before public disclosure.
  • Do not exploit the vulnerability for any purpose other than verification.
  • Do not access, modify, or delete data without explicit permission.

We appreciate your efforts in improving the security of our project. Thank you for helping us maintain a safe environment for all our users.

There aren’t any published security advisories