Guardrails AI's Commitment to Responsible Vulnerability Disclosure

Safeer Mohiuddin

February 22, 2024

Introduction

At Guardrails AI, the security of our products and open-source packages is paramount. We believe that strong collaboration with the security research community is essential for continuous improvement. That's why we've created this responsible vulnerability reporting policy. This policy provides a clear and transparent process for ethical hackers and security researchers to report potential vulnerabilities to us.

Our Vulnerability Disclosure Program

We encourage the disclosure of any potential security vulnerabilities discovered within our products or the open-source Guardrails AI package on GitHub (https://github.com/guardrails-ai). We appreciate your contributions toward making our software more secure.

How to Report a Vulnerability

  • Responsible Disclosure: Please do not share or publicly disclose any vulnerability details until they've been addressed by our team.
  • Reporting Method: Please submit your report via our dedicated security email address: security@guardrailsai.com
  • Information to Include:
    • A clear description of the potential vulnerability, including the type and impact.
    • Technical details and steps on how to reproduce the issue.
    • Any proof-of-concept code or scripts, if applicable.
    • Your contact information for follow-up purposes.

Our Response Process

  • Acknowledgement: We'll acknowledge the receipt of your vulnerability report within a reasonable timeframe (aiming for 2-3 business days).
  • Assessment and Validation: Our security team will investigate, validate, and prioritize the reported vulnerability.
  • Resolution: We'll work diligently to develop and apply a fix for the vulnerability.
  • Communication: We'll maintain communication with you throughout the process, providing updates on our progress.
  • Public Disclosure (if applicable): Once a fix is ready and verified, with your agreement, we will coordinate a public disclosure of the vulnerability, providing you with proper recognition for your valuable contribution.

Safe Harbor

We will not pursue legal action against researchers who responsibly report vulnerabilities to us in line with this disclosure policy.

Benefits of Responsible Vulnerability Disclosure

  • Stronger Security: Working together with researchers helps us identify and resolve vulnerabilities promptly, improving our products for everyone.
  • Trust and Transparency: Building a collaborative relationship with the security community reinforces our customers' trust.
  • Recognition: We value the work of security researchers and are committed to publicly acknowledging your contributions, where appropriate. In certain circumstances (and at our discretion), a security bounty will be paid out to the reporter based on the severity and exploitability of the reported vulnerabilities.

Protecting Our Open Source Project

Responsible vulnerability reporting also applies to our open-source package (https://github.com/guardrails-ai). We encourage you to submit any issues or potential vulnerabilities through GitHub to ensure they are addressed promptly.

Thank You!

We greatly appreciate the help of security researchers in protecting our systems and software for our users.

Contact

If you have any further questions about our vulnerability disclosure program, please email us at security@guardrailsai.com.
