43 lines
1.9 KiB
Markdown
43 lines
1.9 KiB
Markdown
# Security Policy
|
||
|
||
At **CopilotKit**, we are continuously working to improve not only the product but also the open-source repository. To achieve this, we encourage you to take some time to responsibly disclose any issues you may encounter.
|
||
|
||
## Reporting a Vulnerability
|
||
|
||
We hope this product meets your expectations. However, if you notice anything that seems off, please feel free to report the issue by following the steps below:
|
||
|
||
1. **Contact Information**:
|
||
- Email: [security@copilotkit.ai](mailto:security@copilotkit.ai)
|
||
|
||
2. **Required Information**:
|
||
- A detailed description of the vulnerability
|
||
- Steps to reproduce the issue
|
||
- Potential impact or risk
|
||
- Any possible mitigations or workarounds
|
||
|
||
3. **Preferred Method of Disclosure**:
|
||
<br>
|
||
Since our community operates in a public domain, please **do not** discuss the details of the vulnerability publicly. When escalating the issue, simply mention that you are trying to reach someone from the security team.
|
||
|
||
## Response Process
|
||
|
||
- **Acknowledgment**: Within 48 hours of receiving your report, we will acknowledge your submission.
|
||
- **Investigation**: We will investigate the issue within 5 business days.
|
||
- **Resolution**: We aim to release a fix or mitigation within 30 days of confirming the vulnerability.
|
||
|
||
### Note
|
||
|
||
**If you do not receive an acknowledgment of your email within 48 hours, and you haven’t heard from our security team after 5 days, please directly message someone from the CopilotKit team in our [Discord community](https://discord.gg/6dffbvGU3D).**
|
||
|
||
## Security Best Practices
|
||
|
||
While we strive to keep our project secure, here are a few best practices for users of our software:
|
||
|
||
- Always keep your installation up to date with the latest security patches.
|
||
- Avoid using outdated or unsupported versions of the project.
|
||
- Regularly audit your dependencies and review their security advisories.
|
||
|
||
---
|
||
|
||
Thank you for helping us maintain the security and integrity of this project.
|