If you discover a security vulnerability in KinDB, please report it responsibly.
Email: security@firelock.ai
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

Response timeline:
- Acknowledgment: Within 48 hours
- Initial assessment: Within 1 week
- Fix or mitigation: Depends on severity, but we prioritize security issues above all other work

This policy covers the KinDB repository and all crates in the workspace. If you find a vulnerability in a dependency (Tantivy, memmap2, candle, etc.), please report it to the upstream project as well.
We will coordinate disclosure with you. We ask that you give us reasonable time to address the issue before public disclosure.