We are committed to ensuring the security of the GeneralizedNotationNotation (GNN) project.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1.0 | ❌ (Unsupported) |
(This table should be updated as the project versions evolve.)
The GNN team and community take all security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
If you believe you have found a security vulnerability in GeneralizedNotationNotation, please report it to us in one of the following ways:
- Email: Send an email to blanket@activeinference.institute or reach out to a dedicated GNN security contact. Please use a clear subject line, such as "Security Vulnerability in GNN Project".
- GitHub Security Advisories: If you have a GitHub account, you can privately report a vulnerability using GitHub Security Advisories for the GeneralizedNotationNotation repository.
Please do not report security vulnerabilities through public GitHub issues.
When reporting a vulnerability, please include the following information if possible:
- A clear description of the vulnerability.
- The component or file(s) affected.
- Steps to reproduce the vulnerability.
- The version(s) of the software affected.
- Any potential impact of the vulnerability.
- Any suggested mitigations or fixes, if you have them.
Once a security vulnerability is reported, we will aim to:
- Investigate the report and determine its validity and severity.
- Work to develop a fix for the vulnerability.
- Release a patch or new version of the software to address the vulnerability in a timely manner.
- Publicly acknowledge your contribution (unless you prefer to remain anonymous) when the vulnerability is disclosed, if appropriate.
- Keep your local clone of the repository up to date with the main branch.
- Ensure your Python environment and dependencies (as listed in `src/requirements.txt`) are regularly updated to their latest secure versions.
- Be cautious when running code or scripts from untrusted sources.
- If contributing, ensure your code does not introduce new vulnerabilities. Follow secure coding practices.
We appreciate your help in keeping GeneralizedNotationNotation physically, digitally, and cognitively secure.