If you discover a security vulnerability in any Cyphera project, please report it responsibly.
Email: security@cyphera.io
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected version(s)
- Any potential impact assessment
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix or mitigation: Depends on severity, typically within 2 weeks for critical issues
All versions currently in alpha. Security fixes will be applied to the latest release of each SDK.
This policy covers all repositories under the cyphera-labs organization.
We follow coordinated disclosure. We will work with you to understand and address the issue before any public disclosure.