You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mxnet.apache.org by "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu> on 2021/02/26 19:47:18 UTC
Feedback on security vulnerability reporting guidelines
Hi,
MXNet has the following page that highlights steps on how to report security vulnerabilities for MXNet:
https://mxnet.apache.org/versions/master/api/faq/security.html
It lists instructions on reporting undisclosed vulnerabilities, security practices, links to apache security guidelines for users and committers and also lists considerations for users deploying propriety models to productions services.
IMO this page provides sufficient information to anyone as to how to inform apache or project team about vulnerabilities in MXNet. If the community could also take a look and provide suggestions if anything is missing or needs improvement would be helpful.
-Rohit
Re: Feedback on security vulnerability reporting guidelines
Posted by Joe Evans <jo...@gmail.com>.
I agree with Sheng, the existing security reporting process using the main
ASF channel is adequate. Thanks for reviewing this Rohit.
Joe
On Fri, Mar 5, 2021 at 8:55 AM Sheng Zha <zh...@apache.org> wrote:
> The security list should be ok and the PPMC will be included through
> private channel if issues are found.
>
> On 2021/03/04 01:03:20, "Srivastava, Rohit Kumar" <
> srivastava.141@buckeyemail.osu.edu> wrote:
> > Hi,
> > Bumping up the thread. If anyone thinks that there is a need to add
> information to our Security FAQ page:
> https://mxnet.apache.org/versions/master/api/faq/security.html
> > Please let us know.
> >
> > I would also like to bring up that current security vulnerabilities are
> to be reported to security@apache.org<ma...@apache.org> as per
> Apache guidelines. Is there a requirement to have a separate mailing list
> for that ?
> >
> > -Rohit
> >
> > From: "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu>
> > Date: Friday, February 26, 2021 at 11:47 AM
> > To: "dev@mxnet.apache.org" <de...@mxnet.apache.org>
> > Subject: Feedback on security vulnerability reporting guidelines
> >
> > Hi,
> > MXNet has the following page that highlights steps on how to report
> security vulnerabilities for MXNet:
> > https://mxnet.apache.org/versions/master/api/faq/security.html
> >
> > It lists instructions on reporting undisclosed vulnerabilities, security
> practices, links to apache security guidelines for users and committers and
> also lists considerations for users deploying propriety models to
> productions services.
> >
> > IMO this page provides sufficient information to anyone as to how to
> inform apache or project team about vulnerabilities in MXNet. If the
> community could also take a look and provide suggestions if anything is
> missing or needs improvement would be helpful.
> >
> > -Rohit
> >
>
Re: Feedback on security vulnerability reporting guidelines
Posted by Sheng Zha <zh...@apache.org>.
The security list should be ok and the PPMC will be included through private channel if issues are found.
On 2021/03/04 01:03:20, "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu> wrote:
> Hi,
> Bumping up the thread. If anyone thinks that there is a need to add information to our Security FAQ page: https://mxnet.apache.org/versions/master/api/faq/security.html
> Please let us know.
>
> I would also like to bring up that current security vulnerabilities are to be reported to security@apache.org<ma...@apache.org> as per Apache guidelines. Is there a requirement to have a separate mailing list for that ?
>
> -Rohit
>
> From: "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu>
> Date: Friday, February 26, 2021 at 11:47 AM
> To: "dev@mxnet.apache.org" <de...@mxnet.apache.org>
> Subject: Feedback on security vulnerability reporting guidelines
>
> Hi,
> MXNet has the following page that highlights steps on how to report security vulnerabilities for MXNet:
> https://mxnet.apache.org/versions/master/api/faq/security.html
>
> It lists instructions on reporting undisclosed vulnerabilities, security practices, links to apache security guidelines for users and committers and also lists considerations for users deploying propriety models to productions services.
>
> IMO this page provides sufficient information to anyone as to how to inform apache or project team about vulnerabilities in MXNet. If the community could also take a look and provide suggestions if anything is missing or needs improvement would be helpful.
>
> -Rohit
>
Re: Feedback on security vulnerability reporting guidelines
Posted by "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu>.
Hi,
Bumping up the thread. If anyone thinks that there is a need to add information to our Security FAQ page: https://mxnet.apache.org/versions/master/api/faq/security.html
Please let us know.
I would also like to bring up that current security vulnerabilities are to be reported to security@apache.org<ma...@apache.org> as per Apache guidelines. Is there a requirement to have a separate mailing list for that ?
-Rohit
From: "Srivastava, Rohit Kumar" <sr...@buckeyemail.osu.edu>
Date: Friday, February 26, 2021 at 11:47 AM
To: "dev@mxnet.apache.org" <de...@mxnet.apache.org>
Subject: Feedback on security vulnerability reporting guidelines
Hi,
MXNet has the following page that highlights steps on how to report security vulnerabilities for MXNet:
https://mxnet.apache.org/versions/master/api/faq/security.html
It lists instructions on reporting undisclosed vulnerabilities, security practices, links to apache security guidelines for users and committers and also lists considerations for users deploying propriety models to productions services.
IMO this page provides sufficient information to anyone as to how to inform apache or project team about vulnerabilities in MXNet. If the community could also take a look and provide suggestions if anything is missing or needs improvement would be helpful.
-Rohit