From bb8bac85e2d0fd924c6d62f30f94283537dc25f9 Mon Sep 17 00:00:00 2001 From: Pedro Kaj Kjellerup Nacht Date: Mon, 13 Nov 2023 19:56:17 +0000 Subject: [PATCH 1/2] Add security policy Signed-off-by: Pedro Kaj Kjellerup Nacht --- SECURITY.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..ff5fe49ad2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +If you have discovered a security vulnerability in this project, please report it +privately. **Do not disclose it as a public issue.** This gives us time to work with you +to fix the issue before public exposure, reducing the chance that the exploit will be +used before a patch is released. + +You may submit the report in the following ways: + +- send an email to ???@???; and/or +- send a [private vulnerability report](https://github.com/keras-team/keras-cv/security/advisories/new) + +Please provide the following information in your report: + +- A description of the vulnerability and its impact +- How to reproduce the issue + +This project is maintained by volunteers on a reasonable-effort basis. As such, +please give us 90 days to work on a fix before public exposure. From 342ce4b6e33635d516a641327525e563cb5c8a8d Mon Sep 17 00:00:00 2001 From: Pedro Kaj Kjellerup Nacht Date: Tue, 14 Nov 2023 16:45:59 +0000 Subject: [PATCH 2/2] Only use private vuln report Signed-off-by: Pedro Kaj Kjellerup Nacht --- SECURITY.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index ff5fe49ad2..96015a7125 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,7 +7,6 @@ used before a patch is released. You may submit the report in the following ways: -- send an email to ???@???; and/or - send a [private vulnerability report](https://github.com/keras-team/keras-cv/security/advisories/new) Please provide the following information in your report: