Security Policy

Reporting a Vulnerability

If you discover a security vulnerability in SARA Open, please report it responsibly:

Email: security@sirp.io

Please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Suggested fix (if any)

Do NOT:

Open a public GitHub issue for security vulnerabilities
Exploit the vulnerability beyond what's needed to demonstrate it
Share the vulnerability publicly before it's been addressed

Response Timeline

Acknowledgment: Within 48 hours
Initial assessment: Within 5 business days
Resolution: Depends on severity, but we prioritize security fixes

Scope

This policy covers the SARA Open application at sara-open.sirp.io and its APIs.

For vulnerabilities in SIRP's commercial products (OmniSense, SIRP SOAR), please contact security@sirp.io with the subject line "SIRP Product Security."

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Response Timeline

Scope

There aren't any published security advisories

Security: SIRP-Labs/sara-open-feedback

Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Response Timeline

Scope

There aren't any published security advisories