Showing 1 changed file with 26 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Security Policy | ||
|
||
## Report a Vulnerability | ||
|
||
If you found a security vulnerability in Haystack, please send a message to | ||
[security@deepset.ai](mailto:security@deepset.ai). | ||
|
||
If possible, please include: | ||
|
||
1. Reproducible steps on how to trigger the vulnerability. | ||
2. A description on why you are convinced that it exists. | ||
3. Any information you may have on active exploitations of the vulnerability (zero-day). | ||
|
||
## Vulnerability Response | ||
|
||
Your report will be acknowledged within 5 business days, we will do a preliminary analysis | ||
to confirm that the vulnerability is a plausible claim or decline the report otherwise. | ||
|
||
Any information shared with the deepset security team will stay within deepset and will not | ||
be disclosed, except as required to get the issue fixed or to coordinate a vendor response. | ||
|
||
We will keep the reporter updated as the security issue moves through our process. | ||
|
||
Our goal is to disclose bugs as soon as possible once a user mitigation is available. We | ||
will set a disclosure date once the bug is well-understood (in consultation with the bug | ||
reporter and Haystack maintainers). |
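Review bot: Under "Report a Vulnerability", the only intake channel is plain e-mail to security@deepset.ai, so reporters are asked to send reproduction steps and exploitation details with no confidential option; consider publishing a PGP key for that address or pointing to GitHub's private vulnerability reporting as an alternative. Under "Vulnerability Response", only the acknowledgement has a deadline (5 business days) while the preliminary analysis has none, and the sentence is a comma splice: split it after "5 business days" and state a target for the confirm-or-decline decision. The policy also does not say which Haystack versions receive security fixes, which reporters and users will want to know before a disclosure date is set.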