| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security seriously in PSDL, especially given its application in healthcare environments.
If you discover a security vulnerability, please report it as follows:
- DO NOT open a public GitHub issue
- Email security concerns to: [security@psdl-lang.org] (replace with actual email)
- Include as much detail as possible:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
After a report is received, you can expect the following:
- Acknowledgment: We will acknowledge receipt within 48 hours
- Assessment: We will assess the vulnerability within 7 days
- Resolution: Critical vulnerabilities will be addressed within 30 days
- Disclosure: We follow responsible disclosure practices
Security concerns in scope for PSDL include:
- Vulnerabilities in the parser that could allow code injection
- Logic flaws that could cause incorrect clinical evaluations
- Issues that could compromise patient data confidentiality
- Denial of service vulnerabilities in the evaluator
The following are out of scope for this policy:
- Security issues in dependencies (report to those projects)
- Issues requiring physical access to systems
- Social engineering attacks
When deploying PSDL in clinical environments:
- Validate all scenarios before production use
- Use version control for all scenario definitions
- Implement access controls for scenario editing
- Audit all changes to clinical scenarios
- Test thoroughly with representative data before deployment
- Follow your institution's security and compliance policies
PSDL is designed to support compliance with:
- HIPAA (US)
- GDPR (EU)
- FDA Software as Medical Device (SaMD) guidelines
- EU Medical Device Regulation (MDR)
However, compliance is the responsibility of the implementing organization. PSDL provides tools for auditability and traceability, but proper implementation and operational procedures are required.