Looking for Security Contact for Vulnerabilities Found

[Sabrina Midturi]

Hello! 

My name is Sabrina and I'm from the Huntr team. I wanted to see if the was a good email address I could have for forwarding vulnerability reports that our researchers have found in your repo.

Thank you,

Sabrina

[Mathew Wicks]

Hey Sabrina,

We don't have a unified disclosure process yet, this is being worked on, and will probably involve the new GitHub-based one.

However, a good method right now would be to report it to whoever is the maintainer of the repo which contains the problematic code. 

If issue is in `kubeflow/kubeflow`, please reach out to myself (Mathew Wicks) and Kimonas Sotirchos, as we are the leads of the Notebooks Working Group which control everything from the dashboard to notebooks itself. 

If the issue is in another repo, perhaps just message me on slack which one it is and I will connect you with the right people. 

As always, we respectfully ask for a responsible disclosure before releasing anything publicly.

Regards,

Mathew Wicks

--
You received this message because you are subscribed to the Google Groups "kubeflow-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubeflow-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubeflow-discuss/d1d88ce9-0b7f-469e-997b-574e51186de3n%40googlegroups.com.

[Ricardo Martinelli de Oliveira]

For security vulnerabilities found in Kubeflow, reach out to Amber Graner and Julius von Kohout who are the Security WG leads.

To view this discussion on the web visit https://groups.google.com/d/msgid/kubeflow-discuss/CAPzbFq%2BVCxzNtYcF27PowtX_giODyAYppTDTwtmbxnNW_fbwfw%40mail.gmail.com.

--

Ricardo Martinelli De Oliveira

Senior Software Engineer, OpenShift AI