We provide security updates for the following versions of TQC:

| Version | Supported |
|---|---|
| 0.1.x | ✅ |

We take the security of TQC seriously. If you believe you have found a security vulnerability, please report it to us responsibly.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please send an email to krishna@krishnabajpai.me with the following information:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested mitigation

You should receive a response within 48 hours. If the issue is confirmed, we will:
- Acknowledge the vulnerability and work on a fix
- Keep you informed of our progress
- Credit you in the security advisory (unless you prefer to remain anonymous)
- Release a security update as soon as possible

When using TQC, please be aware of the following security considerations:
- Always validate quantum circuits from untrusted sources
- Be cautious when loading circuit files from external sources
- The compiler performs basic validation, but complex circuits should be reviewed
- Large quantum simulations can consume significant computational resources
- Consider implementing resource limits in production environments
- Monitor memory usage when simulating circuits with many qubits
- Keep dependencies up to date to receive security patches
- Review the security advisories for JAX, NumPy, and other dependencies
- Use virtual environments to isolate TQC installations
- Classical simulation may reveal information about quantum states
- Be cautious when simulating sensitive quantum algorithms
- Consider the security implications of logging simulation results
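
One way to apply the validation and resource-limit advice above before a circuit reaches a simulator, as an added example that is not TQC's own code. The circuit dictionary format, the gate allowlist and the limits are constructed for illustration, and a dense statevector of 2^n amplitudes is assumed.

```python
# Added example: pre-simulation guard for circuits from untrusted sources.
# Assumed (hypothetical) circuit format, not TQC's own:
#   {"n_qubits": int, "gates": [[name, [qubit, ...]], ...]}
# Assumes a dense statevector simulator: 2**n_qubits amplitudes held in memory.

MAX_STATE_BYTES = 512 * 1024**2   # constructed memory budget for the statevector
BYTES_PER_AMPLITUDE = 16          # complex128; use 8 if the backend runs complex64
MAX_GATES = 100_000               # constructed cap on circuit length
ALLOWED_GATES = {"h": 1, "x": 1, "rz": 1, "cx": 2}  # constructed allowlist: name -> arity


class CircuitRejected(ValueError):
    """Raised when a circuit fails validation or exceeds the resource budget."""


def max_qubits(budget=MAX_STATE_BYTES, per_amp=BYTES_PER_AMPLITUDE):
    # Largest n with 2**n * per_amp <= budget, found without shifting by an untrusted n.
    return (budget // per_amp).bit_length() - 1


def check_circuit(circuit):
    """Return the estimated statevector size in bytes, or raise CircuitRejected."""
    if not isinstance(circuit, dict):
        raise CircuitRejected("circuit must be a mapping")
    n, gates = circuit.get("n_qubits"), circuit.get("gates")
    if type(n) is not int or n < 1:          # also rejects bool and float
        raise CircuitRejected("n_qubits must be a positive integer")
    if n > max_qubits():                     # checked before any 2**n arithmetic
        raise CircuitRejected(f"{n} qubits exceeds the limit of {max_qubits()}")
    if not isinstance(gates, list) or len(gates) > MAX_GATES:
        raise CircuitRejected("gates must be a list within the gate cap")
    for i, gate in enumerate(gates):
        if not (isinstance(gate, (list, tuple)) and len(gate) == 2):
            raise CircuitRejected(f"gate {i}: expected [name, qubits]")
        name, qubits = gate
        if not isinstance(name, str) or name not in ALLOWED_GATES:
            raise CircuitRejected(f"gate {i}: gate not in allowlist")
        if not isinstance(qubits, (list, tuple)) or len(qubits) != ALLOWED_GATES[name]:
            raise CircuitRejected(f"gate {i}: wrong number of qubits for {name}")
        if any(type(q) is not int or not 0 <= q < n for q in qubits):
            raise CircuitRejected(f"gate {i}: qubit index out of range")
        if len(set(qubits)) != len(qubits):
            raise CircuitRejected(f"gate {i}: repeated qubit")
    return (1 << n) * BYTES_PER_AMPLITUDE
```
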

Timeline for handling a report:
- Day 0: Vulnerability reported
- Day 1-2: Initial response and acknowledgment
- Day 3-7: Vulnerability assessment and reproduction
- Day 8-21: Develop and test fix
- Day 22-30: Coordinate disclosure and release security update

We appreciate your help in keeping TQC secure!