|
1 | | -We're working hard to make CopilotKit safe and secure for everyone. Thank you for taking the time to responsibly disclose any issues you find. |
| 1 | +# Security Policy |
2 | 2 |
|
3 | | -All security bugs in CopilotKit should be reported by email to security@copilotkit.ai |
| 3 | +At **Copilotkit**, we are continuously working to improve not only the product but also the open-source repository. To achieve this, we encourage you to take some time to responsibly disclose any issues you may encounter. |
4 | 4 |
|
5 | | -This email address is delivered to a small security team. Your email will be acknowledged within 24 hours and please be specific with the issue you have found. |
| 5 | +## Reporting a Vulnerability |
6 | 6 |
|
7 | | -If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days, please DM someone from CopilotKit in our [Discord Community](https://discord.com/invite/6dffbvGU3D). |
| 7 | +We hope this product meets your expectations. However, if you notice anything that seems off, please feel free to report the issue by following the steps below: |
8 | 8 |
|
9 | | -Please note that our community is a public area. When escalating at this venue, please do not discuss your issue. Simply say that you’re trying to get a hold of someone from the security team. |
| 9 | +1. **Contact Information**: |
| 10 | + - Email: [security@copilotkit.ai](mailto:security@copilotkit.ai) |
10 | 11 |
|
11 | | -Thank you for helping us make CopilotKit more secure. |
| 12 | +2. **Required Information**: |
| 13 | + - A detailed description of the vulnerability |
| 14 | + - Steps to reproduce the issue |
| 15 | + - Potential impact or risk |
| 16 | + - Any possible mitigations or workarounds |
| 17 | + |
| 18 | +3. **Preferred Method of Disclosure**: |
| 19 | + <br> |
| 20 | + Since our community operates in a public domain, please **do not** discuss the details of the vulnerability publicly. When escalating the issue, simply mention that you are trying to reach someone from the security team. |
| 21 | + |
| 22 | +## Response Process |
| 23 | + |
| 24 | +- **Acknowledgment**: Within 48 hours of receiving your report, we will acknowledge your submission. |
| 25 | +- **Investigation**: We will investigate the issue within 5 business days. |
| 26 | +- **Resolution**: We aim to release a fix or mitigation within 30 days of confirming the vulnerability. |
| 27 | + |
| 28 | +### Note |
| 29 | +**If you do not receive an acknowledgment of your email within 48 hours, and you haven’t heard from our security team after 5 days, please directly message someone from the Copilotkit team in our [Discord community](https://discord.gg/6dffbvGU3D).** |
| 30 | + |
| 31 | +## Security Best Practices |
| 32 | + |
| 33 | +While we strive to keep our project secure, here are a few best practices for users of our software: |
| 34 | +- Always keep your installation up to date with the latest security patches. |
| 35 | +- Avoid using outdated or unsupported versions of the project. |
| 36 | +- Regularly audit your dependencies and review their security advisories. |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +Thank you for helping us maintain the security and integrity of this project. |
0 commit comments