We actively support the following versions with security updates:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |

We take security vulnerabilities seriously. If you discover a security vulnerability, please follow these steps:
- DO NOT create a public GitHub issue for security vulnerabilities
- Email us directly at: security@llmadaptive.uk
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Potential impact assessment
  - Suggested fix (if known)
  - Your contact information
- Acknowledgment: We will acknowledge your report within 24 hours
- Initial Assessment: We will provide an initial assessment within 72 hours
- Regular Updates: We will keep you informed of our progress
- Resolution Timeline: We aim to resolve critical vulnerabilities within 7 days
We follow responsible disclosure practices:
- We will work with you to understand and resolve the issue
- We will not take legal action against researchers who follow this policy
- We will publicly acknowledge your contribution (unless you prefer to remain anonymous)
- We may offer a bug bounty for qualifying vulnerabilities
- Keep your installation up to date
- Use strong, unique API keys
- Enable HTTPS in production
- Regularly audit your access logs
- Follow the principle of least privilege
- Never commit secrets or API keys to version control
- Use environment variables for sensitive configuration
- Implement proper input validation
- Follow secure coding practices
- Keep dependencies updated
- API key-based authentication
- Role-based access control
- Rate limiting and request throttling
- Session management
- Encryption at rest and in transit
- Secure API communication
- Data anonymization where applicable
- Audit logging
- Container security scanning
- Network segmentation
- Regular security updates
- Monitoring and alerting
- Always use HTTPS in production
- Validate and sanitize all input
- Implement proper error handling
- Use rate limiting to prevent abuse
- Minimize data collection
- Implement data retention policies
- Use secure data storage
- Follow privacy regulations
- Use security scanning tools
- Keep systems patched
- Implement proper monitoring
- Regular security assessments
Security updates are released as needed and announced through:
- GitHub Security Advisories
- Release notes
- Email notifications to registered users
- Security mailing list
For security-related questions or concerns:
- Security Team: security@llmadaptive.uk
- General Support: support@llmadaptive.uk
- Emergency Contact: security@llmadaptive.uk
We appreciate the security research community and acknowledge those who have helped improve our security:
- [Security researchers will be listed here upon disclosure]
This security policy is subject to change. Please check this document regularly for updates.