As an open-source privacy middleware designed for SME data analytics, the security and integrity of DiffPriv-Gateway are our top priorities. This policy outlines how we handle security vulnerabilities and which versions are currently supported with security updates.
We currently provide security support for the following versions of the project:
| Version | Supported | Python Version |
|---|---|---|
| 1.0.x | ✅ | 3.12+ |
| < 1.0.0 | ❌ | < 3.12 |
We strongly encourage users and researchers to report any potential security vulnerabilities, especially those related to:
- Privacy Leaks: Flaws in the Laplacian mechanism or epsilon budget tracking.
- Data Handling: Insecure parsing of CSV datasets.
- Dependency Risks: Vulnerabilities in core libraries like
diffprivliborpandas.
Please follow these steps to report a vulnerability:
- Email: Send a detailed report to [Your-Email-Here] (or the project lead, Dionysis33).
- Details: Include a description of the vulnerability, a proof of concept (PoC), and the potential impact on SME data privacy.
- Disclosure: We follow a responsible disclosure policy. Please do not report security vulnerabilities via public GitHub Issues.
- Acknowledgment: You will receive an acknowledgment of your report within 48 hours.
- Investigation: Our team (Dionysis33 & Athina34) will prioritize the fix based on the severity.
- Resolution: Once a fix is verified, we will release a security advisory and credit the researcher (if desired).
Since this project implements Differential Privacy for GDPR compliance, we treat all "privacy budget" overflows or mathematical weaknesses as critical security bugs.
Last updated: February 28, 2026