Security Policy
Responsible disclosure policy for the AIPolicy project.
Reporting a Vulnerability
If you discover a security vulnerability in the AIPolicy specification, website, or any related tooling, please report it responsibly.
Do NOT open a public issue
Please do not disclose security vulnerabilities via GitHub issues, discussions, or any other public channel. Use the email address below.
Report security issues to:
security@aipolicy-spec.org
Our Response Commitment
- Acknowledgment: We will acknowledge your report within 48 hours.
- Assessment: We will assess the severity and impact within 5 business days.
- Resolution: We will work on a fix and keep you informed of progress.
- Disclosure: We will coordinate public disclosure with you once a fix is available.
Scope
This policy covers:
- The aipolicy-spec.org website and its infrastructure
- The AIPolicy specification documents
- Official AIPolicy tooling and validators
- The AIPolicy GitHub repositories
Bug Bounty
We currently do not operate a bug bounty program. We appreciate your responsible disclosure and will credit you in our security advisories (with your permission).