If you identified an unexpected behaviour which cannot be abused to compromise the security of the software, please submit an issue on GitHub.
We welcome the contribution of proposed fixes and PRs.
Our development team will assign a priority to your report and we will release an update including the fix as soon as possible.
If the bug you identified has security implications, please keep reading.
Before every release, Singularity Pro goes under extensive testing and QA. Occasionally, under some specific corner cases and rare situations, problems may still arise.
Use the contact form or email us at firstname.lastname@example.org to describe the problem you encountered in detail. We will get back to you within 48 hours.
We take security very seriously, our goal is to provide Singularity and Singularity Pro users with the best possible assistance regarding any issue that might affect the security of their systems.
The Singularity team values the members of the security research community who find security vulnerabilities and cooperate so that security fixes can be issued to all users in a timely manner and without leaving windows of exposure to attacks.
If you believe you have discovered a vulnerability in Singularity or Singularity Pro, notify our team either:
We encourage people who contact Singularity Security team to use email encryption, get our PGP public key and verify the fingerprint:
Users of Singularity Open-Source are notified of new security issues on the Singularity Google Group.
Singularity Pro customers receive information about security flaws that affect Sylabs products and services in the form of security advisories sent to the dedicated Sylabs Security mailing-list.
Sylabs does not provide advance notification of private security issues to partners or customers, or inform them that an investigation is underway for such issues.
For issues already in the public domain, we may notify our partners, customers, or other organizations about our response process or investigations.
Our policy is to credit all researchers in the announcement of the vulnerability after a security update has been published.
In order to receive credit, security researchers must follow responsible disclosure practices, including: