Security

SECURITY.md

Security Policy

Reporting Vulnerabilities

If you discover a security issue, please report it via GitHub Security Advisories (private).

Do NOT:

Open public issues for security vulnerabilities.
Include sensitive data in experiment logs.
Commit credentials or API keys.

What to Report

Infrastructure vulnerabilities in provided scripts.
Sensitive data exposure in documentation.
Security issues in sample code.

Response Timeline

Acknowledgment: 48 hours.
Initial assessment: 7 days.
Resolution: Depends on severity.

There aren’t any published security advisories