We actively maintain security updates for the following versions of NeuralDBG:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

If you discover a security vulnerability in NeuralDBG, please report it to us as follows:
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing:
- Email: Lemniscate_zero@proton.me
When reporting a security vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Any suggested fixes or mitigations
- Your contact information for follow-up
We will acknowledge your report within 48 hours and provide a more detailed response within 7 days indicating our next steps.
We will keep you informed about our progress throughout the process of fixing the vulnerability.
NeuralDBG captures and stores sensitive training data including:
- Model parameters and weights
- Training tensors and gradients
- Network architecture information
- Training hyperparameters
When using NeuralDBG:
- Research Data: Be aware that captured traces may contain sensitive information about your models or training data
- Storage: Tensor snapshots are stored in memory - ensure adequate system resources
- Sharing: Do not share debug traces containing proprietary model information
- Cleanup: Clear debug sessions after use to prevent accidental data exposure
- NeuralDBG performs tensor cloning and detaching operations
- Memory usage scales with model size and training duration
- Monitor system resources when debugging large models
- Consider disk-based storage for long training sessions
- Environment Isolation: Run NeuralDBG in isolated environments
- Data Sanitization: Avoid debugging with sensitive or proprietary data
- Version Updates: Keep NeuralDBG updated to the latest secure version
- Resource Monitoring: Watch memory usage during debugging sessions
- Code Review: All changes undergo security-focused code review
- Dependency Scanning: Dependencies are regularly scanned for vulnerabilities
- Testing: Security implications are considered in test coverage
- Documentation: Security considerations are documented in code comments
We classify vulnerabilities using the following severity levels:
- Critical: Immediate threat to user data or system security
- High: Significant security risk with potential for exploitation
- Medium: Security weakness with limited exploitation potential
- Low: Minor security improvements or hardening opportunities
Security updates will be:
- Released as patch versions (e.g., 1.0.1, 1.0.2)
- Documented in release notes with appropriate severity indicators
- Communicated through our security mailing list
- Coordinated with downstream package maintainers
We appreciate security researchers who help keep NeuralDBG safe. With your permission, we will publicly acknowledge your contribution in our security advisories and release notes.
If you have questions about this security policy or security practices, please contact us.