From 070b661b97ad9a9986e7c1b08e7e8da1ee417f44 Mon Sep 17 00:00:00 2001 From: Dan Sun Date: Sat, 12 Nov 2022 15:33:00 -0500 Subject: [PATCH] Add security vulnerabilities reporting process (#2523) Signed-off-by: Dan Sun Signed-off-by: Dan Sun --- SECURITY.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..537905b0cf7 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +## Reporting a Vulnerability + +We strongly encourage you to report security vulnerabilities to +our private security mailing list: kserve-security@lists.lfaidata.foundation - first, before +disclosing them in any public forums. + +This is a private mailing list where only active maintainers of the project are allowed to be the members of the group and receive reported +security vulnerabilities, and the issues are treated as top priority.