Security: LessUp/cuda-kernel-academy

SECURITY.md

Security Policy

Supported Versions

The following versions of CUDA Kernel Academy are currently supported with security updates:

Version Supported
1.x.x
< 1.0

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

Please do NOT create a public GitHub issue for security vulnerabilities.

Instead, please report security vulnerabilities through:

  1. GitHub Security Advisories (preferred): Use GitHub's private vulnerability reporting

What to Include

When reporting a vulnerability, please include:

  • Description: A clear description of the vulnerability
  • Impact: Potential impact and severity assessment
  • Reproduction: Steps to reproduce the issue
  • Affected versions: Which versions are affected
  • Suggested fix: If you have a suggested fix or mitigation

Response Timeline

  • Acknowledgment: We will acknowledge receipt within 48 hours
  • Initial assessment: We will provide an initial assessment within 7 days
  • Resolution: We aim to resolve critical issues within 30 days

Disclosure Policy

  • We follow responsible disclosure practices
  • We will coordinate with you on disclosure timing
  • We will credit reporters in security advisories (unless you prefer anonymity)

Security Best Practices

When using CUDA Kernel Academy in your projects:

Memory Safety

  • Always use CUDA error checking macros (TC_CUDA_CHECK)
  • Validate input dimensions before kernel launches
  • Use bounds checking in debug builds

Input Validation

// Example: Validate matrix dimensions
if (M <= 0 || N <= 0 || K <= 0) {
    throw std::invalid_argument("Matrix dimensions must be positive");
}

// Example: Check for null pointers
if (A == nullptr || B == nullptr || C == nullptr) {
    throw std::invalid_argument("Matrix pointers cannot be null");
}
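
The two checks above, extended to cover size overflow and launch-grid limits before anything is allocated or launched. This is an added example, not code from CUDA Kernel Academy: `checked_mul`, `GemmPlan`, `validate_gemm` and the 16x16 tile default are hypothetical names and assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>

static_assert(sizeof(std::size_t) >= sizeof(std::int64_t), "assumes 64-bit size_t");

// Hypothetical helper: returns a * b, throwing if the product overflows size_t.
inline std::size_t checked_mul(std::size_t a, std::size_t b) {
    if (a != 0 && b > std::numeric_limits<std::size_t>::max() / a) {
        throw std::overflow_error("Buffer size overflows size_t");
    }
    return a * b;
}

struct GemmPlan {
    std::size_t bytes_a, bytes_b, bytes_c;  // byte sizes for allocation and copies
    unsigned grid_x, grid_y;                // thread blocks per grid dimension
};

// Validates an (M x K) * (K x N) multiply on the host, before any CUDA call.
// `tile` is the assumed edge of the square output tile handled by one block.
template <typename T>
GemmPlan validate_gemm(const T* A, const T* B, const T* C,
                       std::int64_t M, std::int64_t N, std::int64_t K,
                       unsigned tile = 16) {
    if (A == nullptr || B == nullptr || C == nullptr) {
        throw std::invalid_argument("Matrix pointers cannot be null");
    }
    if (M <= 0 || N <= 0 || K <= 0 || tile == 0) {
        throw std::invalid_argument("Matrix dimensions and tile size must be positive");
    }
    const auto m = static_cast<std::size_t>(M);
    const auto n = static_cast<std::size_t>(N);
    const auto k = static_cast<std::size_t>(K);
    GemmPlan plan{};
    plan.bytes_a = checked_mul(checked_mul(m, k), sizeof(T));
    plan.bytes_b = checked_mul(checked_mul(k, n), sizeof(T));
    plan.bytes_c = checked_mul(checked_mul(m, n), sizeof(T));
    // CUDA launch limits: gridDim.x <= 2^31 - 1, gridDim.y <= 65535.
    const std::size_t gx = (n + tile - 1) / tile;  // columns of C map to x
    const std::size_t gy = (m + tile - 1) / tile;  // rows of C map to y
    if (gx > 2147483647u || gy > 65535u) {
        throw std::out_of_range("Grid dimensions exceed CUDA launch limits");
    }
    plan.grid_x = static_cast<unsigned>(gx);
    plan.grid_y = static_cast<unsigned>(gy);
    return plan;
}
```

The returned byte counts are the values to pass to allocation and copy calls, so a wrapped multiplication can never produce an undersized buffer that the kernel then writes past.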

Resource Management

  • Use RAII wrappers for GPU memory (DeviceMemory<T>)
  • Always free allocated resources
  • Handle CUDA errors gracefully

Known Security Considerations

GPU Memory

  • GPU memory is not automatically cleared on allocation
  • Sensitive data should be explicitly zeroed before deallocation
  • Consider using cudaMemset for sensitive buffers

Shared Memory

  • Shared memory persists between kernel launches on the same SM
  • Be cautious with sensitive data in shared memory

Error Messages

  • Error messages may contain system information
  • Consider sanitizing error output in production environments

Security Updates

Security updates will be released as:

  • Patch releases for critical vulnerabilities
  • Minor releases for non-critical security improvements

Subscribe to releases to stay informed about security updates.

Contact

For security-related questions that are not vulnerabilities, you can:

  • Open a Discussion
  • Contact maintainers through GitHub

Thank you for helping keep CUDA Kernel Academy secure!