HailBytes takes security vulnerabilities seriously. If you discover a security issue in this repository or any HailBytes product, please do not open a public GitHub issue.

Email: security@hailbytes.com

Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations (optional)

We will acknowledge receipt within 2 business days and aim to provide a resolution timeline within 7 business days.

| Version | Supported |
|---|---|
| Latest | ✅ |
| N-1 | ✅ Security fixes only |
| < N-1 | ❌ |

HailBytes follows a coordinated disclosure model. We ask that you:
- Report the vulnerability to us privately first.
- Give us reasonable time to investigate and patch (typically 90 days).
- Avoid publicly disclosing details until a fix is available.

We will credit researchers in our release notes unless you prefer to remain anonymous.

This security policy covers:
- Code and configurations in this repository
- HailBytes ASM and SAT APIs
- HailBytes BYOC deployment modules

Out of scope: third-party dependencies (please report those upstream) and the HailBytes.com marketing website.

For sensitive disclosures, our security team's PGP key is available at:
hailbytes.com/.well-known/security.txt