Skip to content

Security: nnstreamer/nntrainer

Security

.github/SECURITY.md

Security policy

  1. Vulnerability Reports Table
  2. Vulnerability Report
  3. Security Disclosure

1. Vulnerability Reports Table

Table reports on vulnerabilities found and patches/descriptions to mitigating them.

Version Vulnerability Patch/description
1.x.x N/A
2.x.x N/A

2. Vulnerability Report

Search and fix of vulnerability issue is the highest priority for the NNStreamer project team.

Please report security bugs by contact to jaeyun-jung marked "SECURITY". NNstreamer team will confirm your request and within 2 week will try to prepare recommendations for elimination. Our team will keep you updated on the progress towards the fix until the full announcement of the patch release. During this process, the NNStreamer team may request additional information or guidance.


3. Security Disclosure

When a person responsible for security receives a vulnerability report as previously mentioned, it is assigned the highest priority and the person in charge. This person will coordinate the patch and release process.

Actions that must be made by the NNStreamer team.

  • Confirm the problem and identify the affected versions.
  • Check the code to find any similar problems.
  • Prepare fixes for all releases still in maintenance. These fixes will released as quickly as possible.

We suggest the following format when disclosing vulnerabilities:

  • Your name and email.
  • Include scope of vulnerability. Let us know who could use this exploit.
  • Document steps to identify the vulnerability. It is important that we can reproduce your findings.
  • How to exploit vulnerability, give us an attack scenario.

There aren’t any published security advisories