
Security: thookham/RefineryOpt


SECURITY.md

Security Policy

Supported Versions

Version Supported
0.5.x
0.4.x
< 0.4

Reporting a Vulnerability

If you discover a security vulnerability in RefineryOpt, please report it responsibly:

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Email the maintainers directly at: [security@your-domain.com]
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Any suggested fixes (optional)

What to Expect

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 7 days
  • Resolution Timeline: Depends on severity
    • Critical: 24-72 hours
    • High: 7 days
    • Medium: 30 days
    • Low: 90 days

Scope

This security policy applies to:

  • The main RefineryOpt Python package
  • Example configurations
  • Documentation

Out of Scope

  • Third-party dependencies (report to respective maintainers)
  • Issues in forked repositories

Security Best Practices

When using RefineryOpt:

  1. Never commit credentials - Use environment variables for API keys
  2. Validate input data - Especially when loading external YAML/JSON: parse YAML with yaml.safe_load (never yaml.load with an unrestricted loader, which can instantiate arbitrary Python objects from the document), then check the parsed structure against the expected schema before the values reach the optimizer
  3. Use virtual environments - Isolate dependencies
  4. Keep dependencies updated - Run pip list --outdated regularly
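The following is an added example illustrating practices 1 and 2 above; it is not code from the RefineryOpt project. The config keys (crude_price, capacity, units), the environment variable name REFINERYOPT_API_KEY, and the sample config strings are all constructed for the example, not the project's real schema or settings.

```python
import json
import os
from typing import Any, Mapping, Optional

# Constructed schema for a RefineryOpt-style configuration (assumption for
# this example, not the project's real schema): key -> accepted type(s).
CONFIG_SCHEMA = {
    "crude_price": (int, float),
    "capacity": (int, float),
    "units": list,
}


def parse_config(text: str, fmt: str) -> Any:
    """Parse untrusted config text into plain data without executing anything it contains."""
    if fmt == "json":
        return json.loads(text)
    if fmt == "yaml":
        import yaml  # PyYAML; only needed for the YAML path
        # safe_load limits the loader to plain scalars, lists and mappings.
        # yaml.load with an unrestricted loader honours tags such as
        # !!python/object/apply and can run arbitrary code while parsing.
        return yaml.safe_load(text)
    raise ValueError(f"unsupported config format: {fmt!r}")


def validate_config(data: Any) -> dict:
    """Reject anything that does not match the schema before it is used."""
    if not isinstance(data, dict):
        raise ValueError("config must be a mapping at the top level")
    unknown = set(data) - set(CONFIG_SCHEMA)
    if unknown:
        raise ValueError(f"unknown config keys: {sorted(unknown)}")
    missing = set(CONFIG_SCHEMA) - set(data)
    if missing:
        raise ValueError(f"missing config keys: {sorted(missing)}")
    for key, expected in CONFIG_SCHEMA.items():
        value = data[key]
        # bool is a subclass of int, so exclude it explicitly for numeric fields
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ValueError(f"{key}: unexpected type {type(value).__name__}")
    if data["capacity"] <= 0 or data["crude_price"] < 0:
        raise ValueError("capacity must be positive and crude_price non-negative")
    if not all(isinstance(u, str) for u in data["units"]):
        raise ValueError("units must be a list of unit names")
    return data


def load_config(text: str, fmt: str = "json") -> dict:
    """Parse then validate; the optimizer only ever sees validated data."""
    return validate_config(parse_config(text, fmt))


def config_is_rejected(text: str, fmt: str = "json") -> bool:
    """True if the config fails validation (used to exercise the negative path)."""
    try:
        load_config(text, fmt)
    except ValueError:
        return True
    return False


def api_key_from_env(name: str = "REFINERYOPT_API_KEY",
                     env: Optional[Mapping[str, str]] = None) -> str:
    """Read a credential from the environment instead of a checked-in file.

    `env` defaults to os.environ; it is a parameter so the lookup can be tested
    without touching the real process environment.
    """
    env = os.environ if env is None else env
    value = env.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; export it in the shell, never commit it")
    return value


# Constructed sample inputs for this example.
GOOD_CONFIG = '{"crude_price": 72.5, "capacity": 150000, "units": ["CDU", "FCC"]}'
# Unknown key and a negative capacity: both must be rejected before use.
BAD_CONFIG = '{"crude_price": 72.5, "capacity": -1, "units": ["CDU"], "hook": "x"}'

if __name__ == "__main__":
    print(load_config(GOOD_CONFIG))
    print("bad config rejected:", config_is_rejected(BAD_CONFIG))
```

The same validate_config step should run regardless of whether the file came in as JSON or YAML; the safe loader only guarantees that parsing itself is harmless, not that the resulting numbers make sense for the model.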

Acknowledgments

We appreciate security researchers who help keep RefineryOpt safe. Contributors will be acknowledged (with permission) in our security hall of fame.

There aren’t any published security advisories