1.2 KiB
1.2 KiB
Security Policy
Reporting a Vulnerability
We take security seriously. If you discover a security vulnerability, please report it responsibly.
Please do NOT report security vulnerabilities through public issues.
How to Report
Email: hello@fromaitochitta.com
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
What to Expect
- Acknowledgment within 48 hours
- Regular updates on progress
- Credit in the fix announcement (if desired)
Supported Versions
| Version | Supported |
|---|---|
| latest | ✅ |
| < latest | ❌ |
Security Best Practices
When using portfolio-optimiser-claude:
- Keep dependencies updated
- Keep your Claude API key in environment variables — never commit secrets
- Follow the principle of least privilege for any data-source credentials
Scope Note
portfolio-optimiser-claude is a technical framework. Deploying organizations own their own data protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical prerequisites (provenance stamping, a mandatory deterministic validator, an offline-by-default test suite) but makes no compliance guarantees.