Monte Carlo values independent security research and believes responsible vulnerability disclosure ensures user security and privacy.

Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to security@montecarlodata.com. Proof of concepts are appreciated. We provide additional information on how to report security vulnerabilities to Monte Carlo.

We ask that you do not use other channels or contact project contributors directly.

Non-vulnerability related security issues such as new great new ideas for security features are welcome on GitHub Issues.

Security updates will be released on a regular cadence and are aligned with the severity of the issue. More details can be found on our Trust Center portal. Additional information, including our vulnerability management policy, is available on our our Trust Center portal.

We may provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that documentation and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use.