Please report security issues privately to the maintainers before opening a public issue. If a dedicated security contact is not listed in the GitHub repository, contact the NUS-HPC-AI-Lab maintainers through the organization profile.

Include the affected version or commit, a minimal reproduction when possible, and any relevant environment details. We will acknowledge valid reports and coordinate a fix or disclosure timeline as appropriate.

This policy covers vulnerabilities in the OrScale source code and packaging. It does not cover third-party datasets, model checkpoints, external services, or infrastructure used to run experiments.