Currently, the Open Memory Protocol is in Draft status. We will formally support specific versions once Section 1.0 is finalized.

If you discover a security vulnerability in the Open Memory Protocol standard, reference implementations, SDKs, or connectors, please report it to us confidentially.

DO NOT log an issue on GitHub, this alerts the public to the vulnerability before it can be patched.

Please email your findings to security@openmemoryprotocol.com.

1. Description: Describe the vulnerability in detail.
2. Impact: Identify what could happen if exploited.
3. Reproduction Steps: Step-by-step instructions on how to reproduce the vulnerability (including PoC scripts or HTTP requests if applicable).
4. Environment: Which component does this affect? (e.g. omp-python SDK, reference-server, the specification itself)

1. We will acknowledge receipt of your vulnerability report within 48 hours.
2. The OMP Working Group will review the vulnerability and confirm it.
3. We will collaborate with you to create a patch / spec update.
4. Once resolved, we will publish a security advisory and credit you for the discovery (unless you request anonymity).

Thank you for helping keep OMP secure.