We take security seriously at Mnemoverse. If you discover a security vulnerability, please follow these steps:
- DO NOT open a public issue
- Email security@mnemoverse.com with:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Your suggested fix (if any)
- 24 hours: Initial acknowledgment
- 72 hours: Preliminary assessment
- 7 days: Detailed response and timeline
- 30 days: Fix implementation (depending on severity)
We provide security updates for:
- Current major version
- Previous major version (for 6 months after new release)
When contributing code:
- Never commit secrets or API keys
- Use environment variables for configuration
- Follow OWASP guidelines
- Keep dependencies updated
We appreciate responsible disclosure and will acknowledge security researchers in our release notes (unless you prefer to remain anonymous).