Hi,
MXNet has the following page that highlights steps on how to report
security vulnerabilities for MXNet:
https://mxnet.apache.org/versions/master/api/faq/security.html
It lists instructions on reporting undisclosed vulnerabilities, security
practices, links to apache security guidelines for users and committers and
also lists considerations for users deploying propriety models to productions
services.
IMO this page provides sufficient information to anyone as to how to inform
apache or project team about vulnerabilities in MXNet. If the community could
also take a look and provide suggestions if anything is missing or needs
improvement would be helpful.
-Rohit
