| Version | Supported |
|---|---|
| 1.0.x | β |
| < 1.0 | β |

If you discover a security vulnerability in AntiStutter, please follow these steps:
Security vulnerabilities should be reported privately to protect users.
- Email: your-security-email@example.com
- Subject: "[SECURITY] Brief description"
- Type of vulnerability
- Affected component(s)
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment: Within 48 hours
- Assessment: Within 1 week
- Fix: Depends on severity
  - Critical: 24-48 hours
  - High: 1 week
  - Medium: 2 weeks
  - Low: Next release
- We will work with you to understand and resolve the issue
- We will credit you (unless you prefer anonymity)
- We will disclose the issue publicly after a fix is released
- Coordinated disclosure: typically 90 days
- Low Volume: Start with low volume settings
- Headphones Only: Never use speakers (feedback risk)
- Monitoring: Discontinue if experiencing discomfort
- Local Processing: All audio processing happens locally
- No Internet: AntiStutter doesn't send data online
- Config Files: Stored locally in `%USERPROFILE%\.antistutter\`
- Logs: May contain system info, but no audio data
We use well-maintained open-source libraries:
- numpy, scipy (numerical computing)
- sounddevice, soundfile (audio I/O)
- librosa (audio DSP)
- PyQt5 (GUI)
All dependencies are from PyPI and verified.
- Download from Official Sources
  - GitHub repository
  - Official releases only
- Verify Installation
  ```bash
  # Check dependencies
  pip list
  # Run tests
  python tests/test_audio.py
  ```
- Review Permissions
  - AntiStutter needs: Microphone, Audio Output
  - Does NOT need: Network, Filesystem (beyond config)
- Keep Updated
  - Check for updates regularly
  - Read CHANGELOG.md for security fixes
Risk: Using speakers instead of headphones can create loud feedback
Mitigation:
- GUI warning displayed
- Documentation emphasizes headphones requirement
- Consider adding speaker detection (future)
Risk: Application has access to system audio
Mitigation:
- Open source - code is auditable
- No network access
- Local processing only
Risk: Config files could be modified by malware
Mitigation:
- Config files in user directory (sandboxed)
- JSON format (human readable, no code execution)
- Validation on load
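
One way "validation on load" can work for a JSON config that other software may have tampered with. This is an added example, not AntiStutter's own code; the key names, ranges and size limit are hypothetical, chosen so that a modified file cannot raise the output level past a low cap or introduce settings the application does not know.

```python
import json

# Hypothetical schema: key -> (type, min, max). AntiStutter's real keys may differ.
SCHEMA = {
    "output_gain": (float, 0.0, 0.5),   # capped low, in line with the low-volume advice
    "delay_ms": (int, 0, 500),
    "sample_rate": (int, 8000, 48000),
}
MAX_CONFIG_BYTES = 64 * 1024  # a settings file has no reason to be larger
SAMPLE = b'{"output_gain": 0.2, "delay_ms": 60, "sample_rate": 44100}'  # constructed


class ConfigError(ValueError):
    """Raised when a config file fails validation."""


def _reject_constant(name):
    # json accepts NaN/Infinity by default; they would defeat range checks.
    raise ConfigError(f"non-finite number not allowed: {name}")


def validate_config(raw: bytes) -> dict:
    """Parse and validate config bytes; return a clean dict or raise ConfigError."""
    if len(raw) > MAX_CONFIG_BYTES:
        raise ConfigError("config file too large")
    try:
        data = json.loads(raw.decode("utf-8"), parse_constant=_reject_constant)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ConfigError(f"not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ConfigError("top level must be a JSON object")
    unknown = set(data) - set(SCHEMA)
    if unknown:
        raise ConfigError(f"unknown keys: {sorted(unknown)}")
    clean = {}
    for key, (typ, low, high) in SCHEMA.items():
        if key not in data:
            raise ConfigError(f"missing key: {key}")
        value = data[key]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            raise ConfigError(f"{key}: expected a number")
        if typ is int and not isinstance(value, int):
            raise ConfigError(f"{key}: expected an integer")
        if not low <= value <= high:
            raise ConfigError(f"{key}: {value} outside [{low}, {high}]")
        clean[key] = typ(value)
    return clean
```

On a `ConfigError` the caller should fall back to built-in defaults rather than use any part of the rejected file.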
- No formal security audits yet (volunteer project)
- Code reviews by maintainers
- Community code review welcome
- Static analysis: flake8, mypy
For security concerns:
- Email: your-security-email@example.com
- GPG Key: [Optional: Add GPG key for encrypted communication]
For general issues:
- GitHub Issues: https://github.com/DancingTedDanson011/antistutter/issues
Thank you for helping keep AntiStutter secure!