| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security seriously. If you discover a security vulnerability, please report it responsibly.
- Do not open a public GitHub issue for security vulnerabilities
- Email security concerns to the maintainers (see GitHub profile)
- Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment within 48 hours
- Regular updates on progress
- Credit in release notes (if desired)
Security issues we're interested in:
- Remote code execution
- Local privilege escalation
- Data exposure
- Authentication/authorization bypasses
- IPC security issues
Out of scope:
- Denial of service
- Social engineering
- Issues requiring physical access
When using Openwork:
- Keep the application updated
- Only grant file permissions when necessary
- Review task outputs before approving sensitive operations
- Use API keys with minimal required permissions