Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in KRLAdapter.jl, please report it responsibly.

Preferred: Use GitHub Security Advisories

Alternative: Email j.d.a.jewell@open.ac.uk

What to Include

Description of the vulnerability
Steps to reproduce
Affected versions
Potential impact assessment
Suggested fix (if any)

Response Timeline

Acknowledgement: Within 48 hours
Initial assessment: Within 7 days
Fix or mitigation: Within 30 days for critical issues

Scope

This policy covers:

The KRLAdapter.jl Julia package (src/, ext/)
SQLite database operations and schema
Data import/export functionality
The KnotTheory.jl extension

Safe Harbour

We will not pursue legal action against security researchers who:

Act in good faith
Avoid privacy violations and data destruction
Report findings promptly
Allow reasonable time for remediation before disclosure

Security Best Practices

When using KRLAdapter.jl:

Use :memory: databases for untrusted data
Validate Gauss code input before storage
Keep dependencies updated (Pkg.update())

There aren't any published security advisories