portfolio-optimiser-claude/SECURITY.md

1.2 KiB

Security Policy

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please report it responsibly.

Please do NOT report security vulnerabilities through public issues.

How to Report

Email: hello@fromaitochitta.com

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested fixes (optional)

What to Expect

  • Acknowledgment within 48 hours
  • Regular updates on progress
  • Credit in the fix announcement (if desired)

Supported Versions

Version Supported
latest
< latest

Security Best Practices

When using portfolio-optimiser-claude:

  • Keep dependencies updated
  • Keep your Claude API key in environment variables — never commit secrets
  • Follow the principle of least privilege for any data-source credentials

Scope Note

portfolio-optimiser-claude is a technical framework. Deploying organizations own their own data protection, risk, and compliance assessments (DPIA/ROS). The framework ships technical prerequisites (provenance stamping, a mandatory deterministic validator, an offline-by-default test suite) but makes no compliance guarantees.