We take the security of AI_PRATICE seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via one of the following methods:
-
GitHub Security Advisories (Preferred)
- Go to the Security tab of this repository
- Click "Report a vulnerability"
- Fill out the form with details about the vulnerability
-
Email
- Send an email to the repository maintainer through GitHub
- Include the word "SECURITY" in the subject line
- Provide detailed information about the vulnerability
Please include the following information in your report:
- Type of vulnerability (e.g., code injection, dependency vulnerability, etc.)
- Full path(s) of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability, including how an attacker might exploit it
- Any potential solutions or mitigations you've identified
- Initial Response: Within 48 hours of report submission
- Status Update: Within 7 days with assessment and expected timeline
- Resolution: Varies based on severity and complexity
- Critical: 1-7 days
- High: 7-14 days
- Medium: 14-30 days
- Low: 30-90 days
This repository follows these security practices:
- Dependency Management: Regular updates to third-party libraries
- Code Review: All contributions are reviewed before merging
- Static Analysis: Automated security scanning where applicable
- Best Practices: Following Python and ML security guidelines
| Version | Supported |
|---|---|
| Latest | β Yes |
| Older |
When using this repository:
-
Keep Dependencies Updated
pip install --upgrade numpy pandas matplotlib seaborn scikit-learn mlxtend networkx umap-learn scipy
-
Use Virtual Environments
python -m venv venv source venv/bin/activate # On Windows: venv\Scripts\activate pip install -r requirements.txt
-
Validate Data Sources
- Always validate and sanitize external data inputs
- Be cautious with untrusted CSV files or datasets
-
Review Code Before Execution
- Understand what each script does before running it
- Be especially careful with scripts that access external resources
- We will respond to your report within 48 hours with next steps
- We will keep you informed throughout the resolution process
- We will credit you in the security advisory (unless you prefer to remain anonymous)
- We will not take legal action against you if you:
- Make a good faith effort to avoid privacy violations and data destruction
- Do not exploit the vulnerability beyond what is necessary for verification
- Report the vulnerability to us promptly
We ask that you:
- Give us reasonable time to fix the vulnerability before public disclosure
- Do not access, modify, or delete data belonging to others
- Do not perform actions that could negatively impact users or services
- Do not publicly disclose the vulnerability until we have issued a fix
We value the security community's efforts. Security researchers who responsibly disclose vulnerabilities will be:
- Acknowledged in the security advisory (with permission)
- Listed in our Hall of Fame (if applicable)
- Given credit in release notes for the fix
For any security-related questions or concerns, please:
- Open a private security advisory on GitHub
- Contact the maintainers through GitHub
Thank you for helping keep AI_PRATICE and its users safe! π