If you discover a security vulnerability in any repository within the mnemom organization, please report it responsibly.
Email: security@mnemom.ai
Please include:
- A description of the vulnerability
- Steps to reproduce
- Affected repository and version (if known)
- Any potential impact assessment
| Stage | Timeframe |
|---|---|
| Acknowledgment | Within 48 hours |
| Triage and severity assessment | Within 1 week |
| Fix development | Depends on severity |
| Patch release | As soon as fix is verified |
This policy applies to all repositories in the mnemom GitHub organization.
We ask that you do not publicly disclose the vulnerability until we have had a chance to address it. We will coordinate disclosure timing with you.
We do not currently operate a bug bounty program. We appreciate responsible disclosure and will credit reporters in release notes (with permission).