Skip to content

Security: bundlab/enterprise-ai-cpp

Security

SECURITY.md

Security Policy

Thank you for helping keep Enterprise AI Architecture in C++ secure.

We take the security of this project seriously and appreciate responsible disclosure of vulnerabilities.


Supported Versions

The following table describes which versions currently receive security updates.

Version Supported
Latest release
Development (main)
Older releases

Reporting a Vulnerability

If you discover a security vulnerability, please do not create a public GitHub issue.

Instead, report it privately by contacting the project maintainers.

Your report should include, if possible:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact
  • A proof of concept (if safe to share)
  • Suggested remediation (optional)
  • Relevant logs, screenshots, or stack traces

The more information you provide, the faster we can investigate.


What to Expect

After receiving your report, we aim to:

  • Acknowledge receipt within 3–5 business days
  • Investigate the issue promptly
  • Keep you informed about our progress
  • Develop and validate a fix
  • Release a security update when appropriate
  • Publicly acknowledge your contribution (with your permission)

Response times may vary depending on the complexity and severity of the issue.


Responsible Disclosure

We kindly ask that you:

  • Allow us reasonable time to investigate and resolve the issue before public disclosure.
  • Avoid accessing, modifying, or deleting data that does not belong to you.
  • Avoid disrupting services or degrading project availability.
  • Report vulnerabilities in good faith.

We appreciate coordinated disclosure that helps protect users and contributors.


Scope

This policy applies to:

  • Source code
  • Build scripts
  • Dependencies
  • CI/CD workflows
  • Documentation
  • Configuration files
  • Release artifacts

Third-party libraries and dependencies should be reported to their respective maintainers when appropriate.


Security Best Practices

Contributors are encouraged to:

  • Keep dependencies up to date.
  • Follow secure coding practices.
  • Avoid introducing unnecessary privileges.
  • Validate external input.
  • Protect sensitive information.
  • Use static analysis and security scanning tools.
  • Review pull requests carefully for security implications.

Security Updates

Security fixes will be released as soon as practical after validation.

Where appropriate, release notes will include:

  • Severity
  • Affected versions
  • Mitigation guidance
  • Upgrade recommendations

Acknowledgements

We sincerely appreciate researchers, contributors, and community members who responsibly report security issues and help improve the safety and reliability of this project.

Your efforts help make Enterprise AI Architecture in C++ more secure for everyone.

There aren't any published security advisories