Skip to content

Security: eugene-yao-zocdoc/openai

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

We take the security of our library seriously. If you discover a security vulnerability within Betalgo's OpenAI library, please follow these steps:

  1. Do not disclose the vulnerability publicly.
  2. Send a detailed report of the vulnerability to our security team at mail@betalgo.com.
  3. Include the following in your report:
    • A description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact of the vulnerability
    • Suggested fix (if any)

Our security team will acknowledge receipt of your vulnerability report. You'll receive a more detailed response, indicating the next steps in handling your submission.

After the initial reply to your report, our security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. We may ask for additional information or guidance during this process.

Security Measures

To ensure the security of your data when using our library:

  1. Always use the latest supported version of the library.
  2. Keep your API keys and other sensitive information secure. Never hardcode these values in your source code.
  3. Use environment variables or secure secret management solutions to store your OpenAI API keys.
  4. Implement proper error handling to prevent unintended information disclosure.
  5. Be cautious when using user-generated content as input to API calls.

Third-Party Dependencies

Our library uses some third-party dependencies. We regularly review and update these dependencies to address any known security issues. However, users should be aware that the security of these components is outside of our direct control.

Responsible Disclosure

We kindly request that you give us a reasonable amount of time to address any reported vulnerabilities before disclosing them publicly. We appreciate your efforts in improving the security of our library and will acknowledge your contribution (if desired) once the issue is resolved.

Thank you for helping keep Betalgo's OpenAI library and its users safe!

There aren’t any published security advisories