Skip to content

Commit f8ec7cd

Browse files
Updated SECURITY.md
1 parent 390d1e4 commit f8ec7cd

1 file changed

Lines changed: 35 additions & 6 deletions

File tree

SECURITY.md

Lines changed: 35 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,40 @@
1-
We're working hard to make CopilotKit safe and secure for everyone. Thank you for taking the time to responsibly disclose any issues you find.
1+
# Security Policy
22

3-
All security bugs in CopilotKit should be reported by email to security@copilotkit.ai
3+
At **Copilotkit**, we are continuously working to improve not only the product but also the open-source repository. To achieve this, we encourage you to take some time to responsibly disclose any issues you may encounter.
44

5-
This email address is delivered to a small security team. Your email will be acknowledged within 24 hours and please be specific with the issue you have found.
5+
## Reporting a Vulnerability
66

7-
If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days, please DM someone from CopilotKit in our [Discord Community](https://discord.com/invite/6dffbvGU3D).
7+
We hope this product meets your expectations. However, if you notice anything that seems off, please feel free to report the issue by following the steps below:
88

9-
Please note that our community is a public area. When escalating at this venue, please do not discuss your issue. Simply say that you’re trying to get a hold of someone from the security team.
9+
1. **Contact Information**:
10+
- Email: [security@copilotkit.ai](mailto:security@copilotkit.ai)
1011

11-
Thank you for helping us make CopilotKit more secure.
12+
2. **Required Information**:
13+
- A detailed description of the vulnerability
14+
- Steps to reproduce the issue
15+
- Potential impact or risk
16+
- Any possible mitigations or workarounds
17+
18+
3. **Preferred Method of Disclosure**:
19+
<br>
20+
Since our community operates in a public domain, please **do not** discuss the details of the vulnerability publicly. When escalating the issue, simply mention that you are trying to reach someone from the security team.
21+
22+
## Response Process
23+
24+
- **Acknowledgment**: Within 48 hours of receiving your report, we will acknowledge your submission.
25+
- **Investigation**: We will investigate the issue within 5 business days.
26+
- **Resolution**: We aim to release a fix or mitigation within 30 days of confirming the vulnerability.
27+
28+
### Note
29+
**If you do not receive an acknowledgment of your email within 48 hours, and you haven’t heard from our security team after 5 days, please directly message someone from the Copilotkit team in our [Discord community](https://discord.gg/6dffbvGU3D).**
30+
31+
## Security Best Practices
32+
33+
While we strive to keep our project secure, here are a few best practices for users of our software:
34+
- Always keep your installation up to date with the latest security patches.
35+
- Avoid using outdated or unsupported versions of the project.
36+
- Regularly audit your dependencies and review their security advisories.
37+
38+
---
39+
40+
Thank you for helping us maintain the security and integrity of this project.

0 commit comments

Comments
 (0)