Security Policy

Supported Versions

Use this section to tell people about which versions of your project are currently being supported with security updates.

Version Supported
1.0.x
< 1.0

Reporting a Vulnerability

We take the security of our software seriously. If you believe you have found a security vulnerability in TypeGPT, please report it to us as outlined below.

Do not report security vulnerabilities through public GitHub issues.

How to Report a Security Issue?

If you believe you have found a security vulnerability in TypeGPT, please send an email to [[email protected]]. Please include the following information in your report:

  1. Description of the Vulnerability:
    • Provide a clear and concise description of what the vulnerability is.
    • Include any potential impact of the vulnerability.
  2. Steps to Reproduce:
    • Provide detailed steps to reproduce the issue you are reporting.
    • Include screenshots or code snippets if applicable.
  3. Possible Mitigation:
    • If you have suggestions on how to fix the issue, please include them.

Your report will be acknowledged within 24 hours, and you will receive a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Security Updates and Announcements

Updates regarding security issues will be released through the following means:

  • GitHub Releases section of our project
  • Direct communication to users via email if appropriate

We will report on issues that have been resolved, detailing the severity and impact. Please monitor these updates to ensure your software is up to date and secure.

Disclosure Policy

When we learn of a security issue, we will:

  • Confirm the problem and determine its severity
  • Develop a fix in a private repository
  • Prepare a public announcement that details the issue and its resolution
  • Release the announcement alongside patches for supported versions

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request or file an issue.

External Security Audits

We do not currently have a formal external security audit process. However, we welcome security audits by our users or external researchers. We aim to work with auditors to resolve discovered issues.

Thank you for helping keep TypeGPT and our users safe!