core/SECURITY.md
Harshith Mullapudi 1fa7fd93d5
Feat: spaces (#51)
* feat: Episode ingestion update
Benchmarking CORE

* Feat: Spaces in knowledge graph

* fix: remove daily assignment

* Feat: add spaces

* Feat: spaces

---------

Co-authored-by: Manoj K <saimanoj58@gmail.com>
2025-08-21 11:53:45 +05:30


Security Policy

Our Commitment to Security

C.O.R.E (Contextual Observation & Recall Engine) takes security seriously. We are committed to protecting user data and maintaining the highest security standards for our memory graph platform.

Supported Versions

We currently support the following versions with security updates:

Version Supported
0.1.x
< 0.1

Reporting Security Vulnerabilities

We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please follow these steps:

How to Report

📧 Email: harshith@tegon.ai

Please include the following information in your report:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity assessment
  • Any suggested mitigation or fix (if available)
  • Your contact information for follow-up

What to Expect

  1. Acknowledgment: We will acknowledge receipt of your report within 48 hours
  2. Initial Assessment: We will provide an initial assessment within 5 business days
  3. Investigation: We will investigate and work on a fix
  4. Resolution: We will notify you when the issue is resolved
  5. Credit: With your permission, we will credit you in our security advisories

Responsible Disclosure Guidelines

  • Do not publicly disclose the vulnerability until we have had a chance to address it
  • Do not access or modify user data without explicit permission
  • Do not perform testing that could impact service availability
  • Report the vulnerability as soon as possible after discovery

Security Best Practices for Users

For Cloud Users (core.heysol.ai)

  • Use strong, unique passwords for your account
  • Enable two-factor authentication when available
  • Review connected applications and integrations regularly
  • Report suspicious activity immediately
  • Keep your API keys and access tokens secure

For Self-Hosted Deployments

  • Follow our Security Hardening Guide
  • Use HTTPS/TLS for all communications
  • Regularly update dependencies and base images
  • Implement proper backup and disaster recovery procedures
  • Monitor logs for suspicious activity
  • Use strong authentication mechanisms
  • Secure your database and Redis instances
  • Implement network security controls (firewalls, VPNs)

Data Protection

Data Encryption

  • In Transit: All data is encrypted using TLS 1.3
  • At Rest: Sensitive data, including tokens, is encrypted using AES-256
  • Database: Personal access tokens are stored only as cryptographic hashes, not in plaintext

Data Retention

  • User data is retained according to our privacy policy
  • Users can request data deletion at any time
  • Deleted data is permanently removed from our systems within 30 days

Access Controls

  • Role-based access control (RBAC) for all system components
  • Principle of least privilege for all user and system accounts
  • Regular access reviews and deprovisioning procedures

Security Architecture

Authentication & Authorization

  • OAuth 2.0 integration (Google)
  • Magic link authentication for passwordless login
  • Personal Access Tokens for API access
  • Workspace-based isolation and access controls

Infrastructure Security

  • Regular security updates and patch management
  • Network segmentation and access controls
  • Monitoring and alerting for security events
  • Regular security assessments and code reviews

Compliance

We are working toward compliance with:

  • SOC 2 Type II - Information security management
  • GDPR - Data protection and privacy rights
  • CCPA - California consumer privacy rights

Security Updates

Security updates will be:

  • Released as soon as possible after discovery and resolution
  • Announced through our official channels
  • Documented in our changelog with appropriate severity levels

Contact Information

For security-related inquiries:

Bug Bounty Program

We are currently evaluating the implementation of a formal bug bounty program. In the meantime, we encourage responsible disclosure and may offer recognition for significant security contributions.


Last Updated: January 2025
Version: 1.0