| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take security seriously. If you discover a vulnerability in OpenSIN Code, please follow these steps:
- DO NOT open a public issue
- Use GitHub Security Advisories or email security@opensin.ai
- Include: description of the vulnerability, steps to reproduce, potential impact, suggested fix
- Initial response: Within 48 hours
- Assessment: Within 5 business days
- Fix deployment: Critical: 7 days, High: 14 days, Medium: 30 days
- Never commit API keys, tokens, or secrets to the repository
- Use environment variables for sensitive configuration
- Review all dependencies for known vulnerabilities
- Keep all packages up to date
- Use the built-in permission system to restrict tool access

We follow a responsible disclosure policy. Security researchers who report valid vulnerabilities will be credited in our security acknowledgments.