We take the security of our OpenCHAMI seriously. This document explains how to report vulnerabilities and how we handle them.
If you believe you have found a security issue, please do not open a public issue.
Instead:
- Email us at security@openchami.org
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (if available)
- We will acknowledge receipt of your report within 48 hours.
- We will investigate and provide a target date for a fix (if confirmed).
- We will coordinate disclosure with you, ensuring you are credited if desired.
- A security advisory and patch release will be published once resolved.
We strive for responsible disclosure. Security advisories will be published in:
- GitHub Security Advisories
- Release notes
- Mailing list / community announcements
Thank you for helping keep our community safe!