| Version | Supported |
|---|---|
| 0.1.x | ✅ |

Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities via email to: [email protected]
You should receive a response within 48 hours. If the issue is confirmed, we will:
- Work to understand the scope and severity
- Develop and test a fix
- Prepare a security advisory
- Release the fix and advisory simultaneously
- Generated circuits should be validated before production use
- SPICE simulations provide design-time verification only
- Silicon validation is required for production deployment
- Design specifications may contain proprietary information
- Model checkpoints should be stored securely
- Generated circuits may contain intellectual property
- Regular security scanning of Python dependencies
- Pin dependency versions in production
- Monitor for CVEs in PyTorch and scientific computing packages
- Validate SPICE netlist inputs to prevent injection attacks
- Sandbox SPICE simulation environments
- Limit simulation resources to prevent DoS
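
One way to apply the netlist validation item above, as an added example that is not the project's own code. It assumes ngspice-style syntax; `validate_netlist`, the directive allowlist and the size limits are hypothetical names and values chosen for illustration.

```python
import re

# Assumption: ngspice-style netlist syntax. Only dot-directives a generated
# circuit needs are allowed; file-loading and scripting directives are not.
ALLOWED_DIRECTIVES = {".title", ".param", ".model", ".subckt", ".ends",
                      ".op", ".dc", ".ac", ".tran", ".ic", ".end"}
MAX_BYTES = 256 * 1024  # constructed limits; tune per deployment
MAX_LINES = 5000
# Conservative character allowlist: no quotes, backticks, ';', '$', '<', '>', '|'.
SAFE_LINE = re.compile(r"[A-Za-z0-9_ \t.+\-*/=(){},:\[\]]*")


def validate_netlist(text):
    """Return (line_number, reason) violations; an empty list means accepted."""
    if len(text.encode("utf-8")) > MAX_BYTES:
        return [(0, "netlist exceeds size limit")]
    lines = text.splitlines()
    if len(lines) > MAX_LINES:
        return [(0, "netlist exceeds line limit")]
    problems = []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("*"):
            continue  # blank line or comment card
        if not SAFE_LINE.fullmatch(line):
            problems.append((number, "character outside allowed set"))
        elif line.startswith("."):
            directive = line.split()[0].lower()
            if directive not in ALLOWED_DIRECTIVES:
                problems.append((number, f"directive {directive} not allowed"))
    return problems


# Constructed sample inputs, not taken from the project.
GOOD = "* RC low-pass\nV1 in 0 DC 1\nR1 in out 1k\nC1 out 0 1u\n.tran 1u 5m\n.end\n"
BAD = "* sample\nR1 in out 1k\n.include extra.lib\n.control\nrun\n.endc\n.end\n"

if __name__ == "__main__":
    print(validate_netlist(GOOD))
    print(validate_netlist(BAD))
```

A netlist that passes this check should still run inside the sandbox with resource limits, since the validator is only one layer.
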
We appreciate security researchers who help improve our security posture. For responsible disclosure:
- Allow reasonable time for investigation and remediation
- Do not access or modify user data without permission
- Do not perform actions that could harm system availability
- Report vulnerabilities as soon as possible
Security updates will be released as patch versions and announced via:
- GitHub Security Advisories
- Project mailing list
- Release notes with CVE information