
Security Policy

Last updated: 23/12/2024

Reporting a Vulnerability

  1. To report a security issue, please open a security advisory with a detailed description of the issue, steps to reproduce, affected versions, and if known, mitigations.

  2. Please include everything required to reproduce the issue, including a publicly accessible git repository and/or StackBlitz repository.

  3. All code samples shared with our Security team will only be used to verify and diagnose the issue and will not be publicly shared with anyone outside of Artify-AI's teams.

  4. Security Team members may share information only within the Artify teams on a need-to-know basis to fix the related issue.

  5. Our Security team will respond to the security advisory within three working days.

If you think you've found a security issue, please DO NOT report, discuss, or describe it on Discord, GitHub, or any other public forum without prior contact and acknowledgment of Artify's Security team.

This project follows a 90-day disclosure timeline. Public disclosure outside this process is detrimental to the safety of all Artify-AI users. There are no exceptions to this rule.

Embargo Policy

  • Members' and others' information received through participation in this group must not be made public, shared, or even hinted at otherwise, except with prior explicit approval.
  • As a clarifying example, this policy forbids Artify-AI Security members from sharing information with their employers unless prior arrangements have been made.
  • In the unfortunate event that you share information beyond what is allowed by this policy, you must urgently inform the Security Team of exactly what information leaked and to whom.
  • Repeated offenses may lead to removal from the Security or Artify-AI team.

Released under the MIT License.