Hi,
Bumping up the thread. If anyone thinks that there is a need to add
information to our Security FAQ page:
https://mxnet.apache.org/versions/master/api/faq/security.html
Please let us know.
I would also like to bring up that current security vulnerabilities are to be
reported to [email protected]<mailto:[email protected]> as per Apache
guidelines. Is there a requirement to have a separate mailing list for that ?
-Rohit
From: "Srivastava, Rohit Kumar" <[email protected]>
Date: Friday, February 26, 2021 at 11:47 AM
To: "[email protected]" <[email protected]>
Subject: Feedback on security vulnerability reporting guidelines
Hi,
MXNet has the following page that highlights steps on how to report
security vulnerabilities for MXNet:
https://mxnet.apache.org/versions/master/api/faq/security.html
It lists instructions on reporting undisclosed vulnerabilities, security
practices, links to apache security guidelines for users and committers and
also lists considerations for users deploying propriety models to productions
services.
IMO this page provides sufficient information to anyone as to how to inform
apache or project team about vulnerabilities in MXNet. If the community could
also take a look and provide suggestions if anything is missing or needs
improvement would be helpful.
-Rohit
