Commit
1 parent df3bee8, commit 7f153b3
Showing 1 changed file with 36 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# Security Policy | ||
## Reporting a Vulnerability | ||
|
||
We take the security of our library seriously. If you discover a security vulnerability within Betalgo's OpenAI library, please follow these steps: | ||
|
||
1. **Do not** disclose the vulnerability publicly. | ||
2. Send a detailed report of the vulnerability to our security team at [[email protected]](mailto:[email protected]). | ||
3. Include the following in your report: | ||
- A description of the vulnerability | ||
- Steps to reproduce the issue | ||
- Potential impact of the vulnerability | ||
- Suggested fix (if any) | ||
|
||
Our security team will acknowledge receipt of your vulnerability report. You'll receive a more detailed response, indicating the next steps in handling your submission. | ||
|
||
After the initial reply to your report, our security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. We may ask for additional information or guidance during this process. | ||
|
||
## Security Measures | ||
|
||
To ensure the security of your data when using our library: | ||
|
||
1. Always use the latest supported version of the library. | ||
2. Keep your API keys and other sensitive information secure. Never hardcode these values in your source code. | ||
3. Use environment variables or secure secret management solutions to store your OpenAI API keys. | ||
4. Implement proper error handling to prevent unintended information disclosure. | ||
5. Be cautious when using user-generated content as input to API calls. | ||
|
||
## Third-Party Dependencies | ||
|
||
Our library uses some third-party dependencies. We regularly review and update these dependencies to address any known security issues. However, users should be aware that the security of these components is outside of our direct control. | ||
|
||
## Responsible Disclosure | ||
|
||
We kindly request that you give us a reasonable amount of time to address any reported vulnerabilities before disclosing them publicly. We appreciate your efforts in improving the security of our library and will acknowledge your contribution (if desired) once the issue is resolved. | ||
|
||
Thank you for helping keep Betalgo's OpenAI library and its users safe! |
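Review bot: The "Reporting a Vulnerability" and "Responsible Disclosure" sections commit to no timeframes: "Our security team will acknowledge receipt" gives no acknowledgement window, and "a reasonable amount of time" leaves the disclosure embargo undefined, so a reporter cannot tell when silence means the report was lost or when publishing is acceptable. State both as a number of days. Separately, item 1 under "Security Measures" says "the latest supported version", but the file never says which versions are supported; a short supported-versions list would make that item actionable. The only reporting channel in step 2 is e-mail, and reports are asked to include reproduction steps, so consider naming a private or encrypted alternative alongside it.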