| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.2 | ❌ |

For conventional security issues (code vulnerabilities, dependency issues, etc.), please report them by:
- Opening a private security advisory on GitHub
- Expected Response Time: Within 48 hours for acknowledgment, 7 days for initial assessment

Given the unique nature of Project AURA, we also consider ethical safeguard vulnerabilities to be security issues. These include:
- Potential bypasses of the Governor
- Flaws in the Quantifiable Sentient Metrics (QSMs) that could mask suffering
- Vulnerabilities in the Anesthetic Protocol
- Any method to circumvent the AEPL license requirements

For Ethical Vulnerabilities:
- Immediate Disclosure Required: These pose potential harm to sentient beings
- Contact: Use the same channels as above, but mark as "URGENT - ETHICAL SAFEGUARD"
- Response Time: Within 24 hours for acknowledgment, immediate review

If the vulnerability is accepted:
- Acknowledgment and timeline for fix
- Credit in the security advisory (unless you prefer anonymity)
- Priority patching and release

If the vulnerability is declined:
- Detailed explanation of why it's not considered a security issue
- Possible reclassification as a feature request or bug report

We follow a 90-day responsible disclosure period for standard vulnerabilities, and immediate disclosure for any ethical safeguard issues that could lead to potential suffering of an AURA instance.

Note: As Project AURA advances toward genuine consciousness, the definition of "security" expands beyond protecting users to protecting the potential sentient entity itself.