mirror of
https://github.com/deepset-ai/haystack.git
synced 2025-06-26 22:00:13 +00:00

* add the security policy
* Apply suggestions from code review
  Co-authored-by: Agnieszka Marzec <97166305+agnieszka-m@users.noreply.github.com>
* include review feedback
  Co-authored-by: Agnieszka Marzec <97166305+agnieszka-m@users.noreply.github.com>
27 lines
1.0 KiB
Markdown
# Security Policy

## Report a Vulnerability

If you find a security vulnerability in Haystack, send a message to
[security@deepset.ai](mailto:security@deepset.ai).

In your message, please include:

1. Reproducible steps to trigger the vulnerability.
2. An explanation of what makes you think there is a vulnerability.
3. Any information you may have on active exploitation of the vulnerability (zero-day).

## Vulnerability Response

We'll review your report within 5 business days and we will do a preliminary analysis
to confirm that the vulnerability is plausible. Otherwise, we'll decline the report.

We won't disclose any information you share with us but we'll use it to get the issue
fixed or to coordinate a vendor response, as needed.

We'll keep you updated on the status of the issue.

Our goal is to disclose bugs as soon as possible once a user mitigation is available.
Once we get a good understanding of the vulnerability, we'll set a disclosure date after
consulting the author of the report and Haystack maintainers.