Please do not report security vulnerabilities through public GitHub issues.
If you discover a security vulnerability in Memron.ai, please report it privately:
- Email: security@memron.ai (if available)
- Use GitHub's private vulnerability reporting feature
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
- Initial Response: Within 48 hours
- Status Update: Within 7 days
- Fix Timeline: Depends on severity (critical issues prioritized)
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
When using Memron.ai:
- Never commit secrets - Use environment variables
- Rotate keys regularly - Especially for production
- Use hardware wallets - For production deployments
- Enable 2FA - On all related accounts
- Keep dependencies updated - Run
pnpm updateregularly
- This is early-stage software under active development
- Audit smart contracts before mainnet deployment
- Test encryption/decryption flows thoroughly
- Verify IPFS content addressing integrity
We appreciate responsible disclosure and will:
- Acknowledge your contribution
- Keep you informed of our progress
- Credit you in our security acknowledgments (unless you prefer anonymity)
Thank you for helping keep Memron.ai secure!