Security: SIGTechnologies/sigtech-python

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

We take the security of our software seriously and appreciate the support of our users in identifying and responsibly disclosing vulnerabilities. To report a security vulnerability or exploit related to one of our repositories, please contact us via email at [email protected].

Attention!
Do not publicly disclose the vulnerability in a GitHub Issue or on a public forum such as X/Twitter.

Scope

We welcome security vulnerability reports related to both the SigTech API and the Python SDK. However, please note that we do not accept reports for third-party libraries or Python itself.

Response Timeline

We strive to promptly respond to security vulnerability reports. Our expected response times are as follows:

  • Severe issues: 24 hours
  • Other issues: 72 hours

Reporting Instructions

When reporting a security vulnerability, please provide as much relevant information as possible to help us understand and address the issue. Include the following details in your report:

  • Type of Issue: describe the type of vulnerability (e.g. data access, privilege escalation, etc.).
  • Affected source code: provide the full paths of the source file(s) related to the issue.
  • Location of affected code: indicate the specific tag, branch, commit, or direct URL of the affected source code.
  • Configuration: if the issue requires any special configuration to reproduce, please specify.
  • Reproduction steps: offer step-by-step instructions to reproduce the vulnerability.
  • Proof-of-concept: if possible, provide a proof-of-concept or exploit code demonstrating the vulnerability.
  • Impact: explain the potential impact of the issue and how an attacker might exploit it.

Please note that this security policy may be updated or revised in the future. We encourage you to check this file periodically for any changes. Thank you for helping us keep our projects secure. Your efforts and responsible disclosure are greatly appreciated.
