If you would like to report a vulnerability or have a security concern regarding deepc cloud services or open source projects, please submit the information by contacting security@deepc.ai. If you wish to protect the contents of your submission, you may use our GPG key.
Once the report has been submitted, deepc will work to validate the reported vulnerability. If additional information is required to validate or reproduce the issue, deepc will work with you to obtain it. When the initial investigation is complete, results will be delivered to you along with a plan for resolution and discussion of public disclosure.
deepc is committed to being responsive and keeping you informed of our progress as we investigate and / or mitigate your reported security concern. You will receive a non-automated response to your initial contact within 24 hours, confirming receipt of your reported vulnerability. We strive to provide progress updates at least every five working days to you.
A few things to note about the deepc process:
If applicable, deepc will coordinate public notification of any validated vulnerability with you. Where possible, we prefer that our respective public disclosures be posted simultaneously.
In order to protect our customers, deepc requests that you not post or share any information about a potential vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability, and informed customers if needed. Also, we respectfully ask that you do not post or share any data belonging to our customers. Addressing a valid reported vulnerability will take time, and the timeline will depend upon the severity of the vulnerability and the affected systems.
