If you discover a security vulnerability in lab-robot, please report it responsibly.
Email: security@labclaw.org
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (if available)

What to expect:
- We will acknowledge receipt within 48 hours
- We will provide an initial assessment within 7 days
- We aim to resolve confirmed vulnerabilities within 30 days
- Credit will be given to the reporter (unless anonymity is requested)
Security fixes will be coordinated under a 90-day embargo period to allow users to update before details are made public.
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
This policy covers the lab-robot codebase including:
- Core library (src/lab_robot/)
- Robot drivers (robots/)
- CI/CD configurations
Vulnerabilities in third-party dependencies should be reported to their respective maintainers.