The OpenSandbox team takes security seriously. If you discover a security vulnerability, please report it responsibly.
Report through one of these channels:
- GitHub Security Advisories: Open a private security advisory on GitHub
- Email: Contact the maintainers directly with "[SECURITY]" in the subject

Include in your report:
- Clear description of the vulnerability
- Steps to reproduce
- Potential impact and scope
- Suggested remediation (if available)

What to expect after reporting:
- Acknowledgment within 48 hours
- Investigation and validation
- Fix development and testing
- Coordinated disclosure

Only the latest release and main branch are actively supported with security updates.
When deploying OpenSandbox:
- Keep dependencies up to date
- Use network policies to restrict sandbox egress
- Monitor audit logs regularly
- Follow the principle of least privilege