From 7f153b32006910c443127c62a4ee416ede9e1c0d Mon Sep 17 00:00:00 2001 From: Tolga Kayhan Date: Wed, 28 Aug 2024 13:11:47 +0100 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..a339b7f6 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,36 @@ +# Security Policy +## Reporting a Vulnerability + +We take the security of our library seriously. If you discover a security vulnerability within Betalgo's OpenAI library, please follow these steps: + +1. **Do not** disclose the vulnerability publicly. +2. Send a detailed report of the vulnerability to our security team at [mail@betalgo.com](mailto:mail@betalgo.com). +3. Include the following in your report: + - A description of the vulnerability + - Steps to reproduce the issue + - Potential impact of the vulnerability + - Suggested fix (if any) + +Our security team will acknowledge receipt of your vulnerability report. You'll receive a more detailed response, indicating the next steps in handling your submission. + +After the initial reply to your report, our security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. We may ask for additional information or guidance during this process. + +## Security Measures + +To ensure the security of your data when using our library: + +1. Always use the latest supported version of the library. +2. Keep your API keys and other sensitive information secure. Never hardcode these values in your source code. +3. Use environment variables or secure secret management solutions to store your OpenAI API keys. +4. Implement proper error handling to prevent unintended information disclosure. +5. Be cautious when using user-generated content as input to API calls. + +## Third-Party Dependencies + +Our library uses some third-party dependencies. We regularly review and update these dependencies to address any known security issues. However, users should be aware that the security of these components is outside of our direct control. + +## Responsible Disclosure + +We kindly request that you give us a reasonable amount of time to address any reported vulnerabilities before disclosing them publicly. 
We appreciate your efforts in improving the security of our library and will acknowledge your contribution (if desired) once the issue is resolved. + +Thank you for helping keep Betalgo's OpenAI library and its users safe!
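Review bot: The reporting and responsible-disclosure sections give no timeframe at all: "Our security team will acknowledge receipt of your vulnerability report" and "give us a reasonable amount of time" leave a reporter with no expectation of when to expect a reply or when public disclosure is acceptable, which is the main thing a SECURITY.md should settle. Suggest replacing those with concrete targets (e.g. "We will acknowledge reports within N business days" and "We ask for up to N days before public disclosure", with N chosen by the maintainers), and adding a "Supported Versions" table so that "Always use the latest supported version of the library" in the Security Measures list actually says which versions receive fixes. Since the only contact channel is a plain mailto link, it would also help to state whether a PGP key or another encrypted channel is available for the detailed report.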