vvs 6597509f79 v1.0.0: Windows AMD64 binary + patent/trade-mark reservation + release docs
- LICENSE §7: no-patent-grant + future-patent reservation; SIM/SEM
  trade-mark reservation with nominative-use exception; sem_cython12
  technical name explicitly NOT a trade mark.
- LICENSE §10: third-party components disclosure (NumPy BSD-3, OpenMP).
- Add Windows AMD64 cp312 binary alongside the Linux x86_64 one.
- README: compatibility table, build provenance, no-telemetry section.
- CHANGELOG.md, CONTRIBUTING.md, SECURITY.md (info@sevana.biz, 5 BD ack).
2026-05-09 15:13:50 +01:00

Security Policy

Supported versions

Only the latest released version of sem_cython12 receives security fixes. The current supported line is 1.0.x.

Version   Supported
1.0.x     yes
< 1.0     no

Reporting a vulnerability

Please report suspected security vulnerabilities privately, not on the public issue tracker.

Email: info@sevana.biz

Include in your report:

  • a description of the issue and its potential impact,
  • the affected version(s) of sem_cython12,
  • platform details (OS, architecture, Python version),
  • a minimal reproducer if possible,
  • whether the issue is already publicly known.

What to expect

  • Acknowledgement within 5 business days of receipt.
  • Initial assessment (severity, scope, reproducibility) within 15 business days.
  • Coordinated disclosure: we will work with you on a disclosure timeline. We aim to release a fix or mitigation before public disclosure. Default embargo is up to 90 days from acknowledgement, extendable by mutual agreement for non-trivial fixes.
  • Credit: with your permission, we will credit you in the CHANGELOG.md entry for the fix.

Out of scope

  • Issues that require an attacker to already control the Python process running sem_cython12 (e.g. arbitrary pickle loading, malicious NumPy arrays constructed in-process).
  • Denial-of-service via deliberately huge input arrays.
  • Vulnerabilities in third-party dependencies (NumPy, OpenMP runtime) that are not specific to sem_cython12's use of them; please report those upstream.

No bug bounty

sem_cython12 does not currently operate a paid bug bounty programme. Reports are appreciated and will be acknowledged in writing.