|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## Reporting a Vulnerability |
| 4 | + |
| 5 | +**Do not open a public GitHub issue for security vulnerabilities.** |
| 6 | + |
| 7 | +Use [GitHub Private Vulnerability Reporting](https://github.com/agent-substrate/substrate/security/advisories/new) |
| 8 | +to report privately. Alternatively, email the maintainers at |
| 9 | +[ate-dev@googlegroups.com](mailto:ate-dev@googlegroups.com) with the subject |
| 10 | +line `[SECURITY]`. |
| 11 | + |
| 12 | +Include the affected component, reproduction steps, and potential impact. |
| 13 | + |
| 14 | +## Response Times |
| 15 | + |
| 16 | +| Severity | Acknowledgment | Target Fix | |
| 17 | +| -------- | --------------- | ----------- | |
| 18 | +| Critical | 1 business day | 7 days | |
| 19 | +| High | 2 business days | 30 days | |
| 20 | +| Medium | 5 business days | 90 days | |
| 21 | +| Low | 5 business days | Best effort | |
| 22 | + |
| 23 | +These are targets, not guarantees. Agent Substrate does not have a dedicated |
| 24 | +security team. |
| 25 | + |
| 26 | +## Supported Versions |
| 27 | + |
| 28 | +There are no stable releases yet. Security fixes are applied to `main` only. |
| 29 | + |
| 30 | +## Scope |
| 31 | + |
| 32 | +In scope: the Agent Substrate control plane (`ateapi`), node supervisor |
| 33 | +(`atelet`, `ateom`), networking stack (`atenet`), and CLI (`kubectl-ate`). |
| 34 | + |
| 35 | +Out of scope: |
| 36 | +- The underlying Kubernetes cluster or cloud infrastructure. |
| 37 | +- The sandbox runtimes (gVisor, Kata Containers); report those to their |
| 38 | + respective projects. |
| 39 | +- Known limitations listed in [docs/roadmap.md](docs/roadmap.md) and |
| 40 | + [AGENTS.md](AGENTS.md). |
| 41 | + |
| 42 | +## Disclosure |
| 43 | + |
| 44 | +After a fix is merged, we publish a |
| 45 | +[GitHub Security Advisory](https://github.com/agent-substrate/substrate/security/advisories) |
| 46 | +describing the vulnerability and the fix. Timing is coordinated with the |
| 47 | +reporter. |
0 commit comments