public/sem_cython12
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed5ca0cafcfaf65a9ddefa42b4db9398e3077b3e
sem_cython12/SECURITY.md
T
vvs 6597509f79 v1.0.0: Windows AMD64 binary + patent/trade-mark reservation + release docs 
- LICENSE §7: no-patent-grant + future-patent reservation; SIM/SEM
  trade-mark reservation with nominative-use exception; sem_cython12
  technical name explicitly NOT a trade mark.
- LICENSE §10: third-party components disclosure (NumPy BSD-3, OpenMP).
- Add Windows AMD64 cp312 binary alongside the Linux x86_64 one.
- README: compatibility table, build provenance, no-telemetry section.
- CHANGELOG.md, CONTRIBUTING.md, SECURITY.md (info@sevana.biz, 5 BD ack).
2026-05-09 15:13:50 +01:00

54 lines
1.7 KiB
Markdown
Raw Blame History

# Security Policy
## Supported versions
Only the latest released version of `sem_cython12` receives security
fixes. The current supported line is `1.0.x`.
| Version | Supported |
|---------|-----------|
| 1.0.x | yes |
| < 1.0 | no |
## Reporting a vulnerability
Please report suspected security vulnerabilities **privately**, not on
the public issue tracker.
Email: **info@sevana.biz**
Include in your report:
- a description of the issue and its potential impact,
- the affected version(s) of `sem_cython12`,
- platform details (OS, architecture, Python version),
- a minimal reproducer if possible,
- whether the issue is already publicly known.
## What to expect
- **Acknowledgement** within **5 business days** of receipt.
- **Initial assessment** (severity, scope, reproducibility) within 15
business days.
- **Coordinated disclosure**: we will work with you on a disclosure
timeline. We aim to release a fix or mitigation before public
disclosure. Default embargo is up to 90 days from acknowledgement,
extendable by mutual agreement for non-trivial fixes.
- **Credit**: with your permission, we will credit you in the
`CHANGELOG.md` entry for the fix.
## Out of scope
- Issues that require an attacker to already control the Python
process running `sem_cython12` (e.g. arbitrary pickle loading,
malicious NumPy arrays constructed in-process).
- Denial-of-service via deliberately huge input arrays.
- Vulnerabilities in third-party dependencies (NumPy, OpenMP runtime)
that are not specific to `sem_cython12`'s use of them; please report
those upstream.
## No bug bounty
`sem_cython12` does not currently operate a paid bug bounty programme.
Reports are appreciated and will be acknowledged in writing.
Reference in New Issue View Git Blame Copy Permalink