| # Open Interpreter Security Policy | |
| We take security seriously. Responsible reporting and disclosure of security | |
| vulnerabilities is important for the protection and privacy of our users. If you | |
| discover any security vulnerabilities, please follow these guidelines. | |
| Published security advisories are available on our [GitHub Security Advisories] | |
| page. | |
| To report a vulnerability, please draft a [new security advisory on GitHub]. Any | |
| fields that you are unsure of or don't understand can be left at their default | |
| values. The important part is that the vulnerability is reported. Once the | |
| security advisory draft has been created, we will validate the vulnerability and | |
| coordinate with you to fix it, release a patch, and responsibly disclose the | |
| vulnerability to the public. Read GitHub's documentation on [privately reporting | |
| a security vulnerability] for details. | |
| Please do not report undisclosed vulnerabilities on public sites or forums, | |
| including GitHub issues and pull requests. Reporting vulnerabilities to the | |
| public could allow attackers to exploit vulnerable applications before we have | |
| been able to release a patch and before applications have had time to install | |
| the patch. Once we have released a patch and sufficient time has passed for | |
| applications to install the patch, we will disclose the vulnerability to the | |
| public, at which time you will be free to publish details of the vulnerability | |
| on public sites and forums. | |
| If you have a fix for a security vulnerability, please do not submit a GitHub | |
| pull request. Instead, report the vulnerability as described in this policy. | |
| Once we have verified the vulnerability, we can create a [temporary private | |
| fork] to collaborate on a patch. | |
| We appreciate your cooperation in helping keep our users safe by following this | |
| policy. | |
| [github security advisories]: https://github.com/KillianLucas/open-interpreter/security/advisories | |
| [new security advisory on github]: https://github.com/KillianLucas/open-interpreter/security/advisories/new | |
| [privately reporting a security vulnerability]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability | |
| [temporary private fork]: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/collaborating-in-a-temporary-private-fork-to-resolve-a-repository-security-vulnerability | |