ODE-toolbox is research-oriented software and as such is expected to run mainly in well-protected environments. In case it is found that this software can be used to violate security mechanisms, developers will try to provide patches that mitigate the risk of this misuse.

The current policy is explained in SECURITY.md in the ODE-toolbox main branch. The policy can also be found at https://github.com/nest/ode-toolbox/security/policy.

Generally only the latest release will receive security related updates. Currently the following versions are being supported with security updates:

For reporting a vulnerability please create a security advisory on the nest/ode-toolbox Security Advisories page. You need a GitHub account to create an advisory.

Developers will then contact the reporter in a timely manner to assess severity and further handling via Security Advisories or as normal Issue in non-critical cases.