Thank you for helping keep Enterprise AI Architecture in C++ secure.
We take the security of this project seriously and appreciate responsible disclosure of vulnerabilities.
The following table describes which versions currently receive security updates.
| Version | Supported |
|---|---|
| Latest release | ✅ |
Development (main) |
✅ |
| Older releases | ❌ |
If you discover a security vulnerability, please do not create a public GitHub issue.
Instead, report it privately by contacting the project maintainers.
Your report should include, if possible:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- A proof of concept (if safe to share)
- Suggested remediation (optional)
- Relevant logs, screenshots, or stack traces
The more information you provide, the faster we can investigate.
After receiving your report, we aim to:
- Acknowledge receipt within 3–5 business days
- Investigate the issue promptly
- Keep you informed about our progress
- Develop and validate a fix
- Release a security update when appropriate
- Publicly acknowledge your contribution (with your permission)
Response times may vary depending on the complexity and severity of the issue.
We kindly ask that you:
- Allow us reasonable time to investigate and resolve the issue before public disclosure.
- Avoid accessing, modifying, or deleting data that does not belong to you.
- Avoid disrupting services or degrading project availability.
- Report vulnerabilities in good faith.
We appreciate coordinated disclosure that helps protect users and contributors.
This policy applies to:
- Source code
- Build scripts
- Dependencies
- CI/CD workflows
- Documentation
- Configuration files
- Release artifacts
Third-party libraries and dependencies should be reported to their respective maintainers when appropriate.
Contributors are encouraged to:
- Keep dependencies up to date.
- Follow secure coding practices.
- Avoid introducing unnecessary privileges.
- Validate external input.
- Protect sensitive information.
- Use static analysis and security scanning tools.
- Review pull requests carefully for security implications.
Security fixes will be released as soon as practical after validation.
Where appropriate, release notes will include:
- Severity
- Affected versions
- Mitigation guidance
- Upgrade recommendations
We sincerely appreciate researchers, contributors, and community members who responsibly report security issues and help improve the safety and reliability of this project.
Your efforts help make Enterprise AI Architecture in C++ more secure for everyone.