If you discover a security vulnerability in Dev Machine Guard, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please email: security@stepsecurity.io
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
We will acknowledge your report within 48 hours and provide a detailed response within 5 business days.
This policy covers:
- The
stepsecurity-dev-machine-guardbinary and Go source code ininternal/ - The StepSecurity backend API (for enterprise mode)
| Version | Supported |
|---|---|
| Latest | Yes |
| < Latest | No |
We recommend always using the latest release.