| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security seriously at SuperOpt. If you discover a security vulnerability, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please send an email to: [email protected]
Include the following information:
- Type of vulnerability
- Full paths of source files related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact assessment

What to expect after you report:
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability and determine its impact
- Updates: We will keep you informed of our progress
- Resolution: We aim to resolve critical vulnerabilities within 7 days
- Disclosure: We will coordinate public disclosure with you

We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who:
- Make a good faith effort to avoid privacy violations and data destruction
- Do not exploit vulnerabilities beyond what is necessary to demonstrate the issue
- Report vulnerabilities promptly and provide reasonable time for remediation

When using SuperOpt:
- API Keys: Never commit API keys or credentials to version control
- Model Access: Use appropriate access controls for LLM API endpoints
- Data Privacy: Be mindful of sensitive data in execution traces
- Dependencies: Regularly update dependencies to patch known vulnerabilities

For security concerns: [email protected]

For general questions: [email protected]