Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions:

| Version | Supported          |
| ------- | ------------------ |
| 0.1.x   | :white_check_mark: |

Reporting a Vulnerability

Please do not report security vulnerabilities through public GitHub issues.

Use GitHub private vulnerability reporting for this repository when it is enabled. If that channel is unavailable, contact the maintainer through the private contact method listed on the GitHub profile or repository page.

Include the following information:

  • Description of the vulnerability

  • Steps to reproduce the issue

  • Affected versions

  • Potential impact

  • Any suggested fixes (if available)

What to Expect

  • Response time: We will acknowledge your report within 48 hours

  • Updates: We will send you regular updates about our progress

  • Resolution: Once fixed, we will notify you before public disclosure

  • Credit: We will credit you in the security advisory (unless you prefer to remain anonymous)

Security Best Practices

When using Monata:

  1. Keep dependencies updated: Use the newest Monata release available from PyPI or your conda channel.

  2. Validate inputs: Always validate circuit netlists from untrusted sources.

  3. Sandbox simulations: Run simulations in isolated environments when processing untrusted data.

  4. Review model licenses: Ensure compliance with any PDK, PTM, foundry, or third-party model terms before use.

Thank you for helping keep Monata secure!