-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SECURITY.md #145
Comments
Hi @psmoros, Keras is used as a high level API for Tensorflow. Please report any potential security vulnerabilities by following the instructions here. We updated CONTRIBUTING.md noting this after being reached out to from someone else in your community. Thank you! In the future when Keras supports multiple backends we might have to rethink our security procedure. |
Cc'ing @fcoUnda and @learning-to-play who were looking into security. We most likely need a procedure in the future that deals with how users report security issues to keras since these could include Tensorflow, Jax, Pytorch, and even Numpy vulnerabilities. Would you mind taking a look? Thank you! |
Right now, we have a section to report security vulnerabilities in Keras, which ultimately route to TensorFlow |
@grasskin Please look here: https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md#reporting-vulnerabilities |
Since there is no C++ here, the only security issues are of limited impact. CI / supply chain will need to be handled, of course, but anything else likely would come from the downstream dependencies (which TF, PT, JAX, etc. are part of) |
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@nhienit2010) has found a potential issue, which I would be eager to share with you.
Could you add a
SECURITY.md
file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.Looking forward to hearing from you 👍
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: