Security Policy
This page defines the vulnerability reporting process and response targets for AI Knowledge Base Platform. For security incidents, use private channels only.
Current Phase
Early OSS / Beta
Early OSS / Beta
Public Issue for Vulns
Not allowed
Not allowed
Preferred Disclosure
Coordinated disclosure
Coordinated disclosure
Supported Versions
| Version | Supported |
|---|---|
| main (latest) | Yes |
| older tags/releases | No |
How to Report a Vulnerability
Do not open a public GitHub issue for vulnerability reports.
Use one of the following private channels:
- Email:
security@example.com(replace before wide production adoption) - Alternative contact: project maintainers
Please include the following in your report:
- Affected component/path
- Reproduction steps
- Impact assessment
- Suggested mitigation (optional)
Response SLA (Target)
- Initial acknowledgement: within 72 hours
- Triage result: within 7 business days
- Fix plan: announced after impact assessment
Disclosure Policy
- Coordinated disclosure is preferred.
- Public disclosure should happen after a fix or mitigation is available.