diff options
author | Frank Chen <frankchn@google.com> | 2018-03-23 11:05:14 -0700 |
---|---|---|
committer | TensorFlower Gardener <gardener@tensorflow.org> | 2018-03-25 02:44:46 -0700 |
commit | 9560504cc802045f3bea35c184627c3f2328f15d (patch) | |
tree | 6094b3774e2061799490f56182c58a39dbcd0389 | |
parent | 0526238462dc39c7b90733102583eea55a0d62bc (diff) |
Move security documentation to the main TensorFlow site for better visibility, and leave a stub SECURITY.md pointing users there.
PiperOrigin-RevId: 190244853
-rw-r--r-- | SECURITY.md | 19 | ||||
-rw-r--r-- | tensorflow/docs_src/community/index.md | 3 | ||||
-rw-r--r-- | tensorflow/docs_src/community/leftnav_files | 1 | ||||
-rw-r--r-- | tensorflow/docs_src/community/security.md | 7 |
4 files changed, 26 insertions, 4 deletions
diff --git a/SECURITY.md b/SECURITY.md index 378e776967..5ca304404d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -168,7 +168,18 @@ below). Please use a descriptive subject line for your report email. After the initial reply to your report, the security team will endeavor to keep you informed of -the progress being made towards a fix and announcement. +the progress being made towards a fix and announcement. + +In addition, please include the following information along with your report: + +* Your name and affiliation (if any). +* A description the technical details of the vulnerabilities. It is very + important to let us know how we can reproduce your findings. +* An explanation who can exploit this vulnerability, and what they gain when + doing so -- write an attack scenario. This will help us evaluate your report + quickly, especially if the issue is complex. +* Whether this vulnerability public or known to third parties. If it is, please + provide details. If you believe that an existing (public) issue is security-related, please send an email to `security@tensorflow.org`. The email should include the issue ID and @@ -233,7 +244,7 @@ v//Fw6ZeY+HmRDFdirjD7wXtIuER4vqCryIqR6Xe9X8oJXz9L/Jhslc= ### Known vulnerabilities -| Type | Versions affected | Reported by | Additional Information | -|-------------------|:-----------------:|--------------------|-----------------------------| -| out of bounds read| <=1.4 | TenCent Blade Team | [issue report](https://github.com/tensorflow/tensorflow/issues/14959) | +| Type | Versions affected | Reported by | Additional Information | +|--------------------|:-----------------:|--------------------|-----------------------------| +| Out Of Bounds Read | <=1.4 | TenCent Blade Team | [issue report](https://github.com/tensorflow/tensorflow/issues/14959) | diff --git a/tensorflow/docs_src/community/index.md b/tensorflow/docs_src/community/index.md index b706d9b204..ebeff8493b 100644 --- a/tensorflow/docs_src/community/index.md +++ b/tensorflow/docs_src/community/index.md @@ -13,3 +13,6 @@ This section contains the following documents: conventions that TensorFlow developers and users should follow. * @{$community/benchmarks$Benchmarks}, Benchmarks, a guide for defining and running a TensorFlow benchmark. + * @{$security$Using TensorFlow Securely}, which explains TensorFlow's security + model, a list of recent security reports, and information on how you can + report a security vulnerability to the TensorFlow team. diff --git a/tensorflow/docs_src/community/leftnav_files b/tensorflow/docs_src/community/leftnav_files index fab35024ad..af344506c7 100644 --- a/tensorflow/docs_src/community/leftnav_files +++ b/tensorflow/docs_src/community/leftnav_files @@ -4,3 +4,4 @@ roadmap.md documentation.md style_guide.md benchmarks.md +security.md diff --git a/tensorflow/docs_src/community/security.md b/tensorflow/docs_src/community/security.md new file mode 100644 index 0000000000..8d13c7a1ea --- /dev/null +++ b/tensorflow/docs_src/community/security.md @@ -0,0 +1,7 @@ +# Using TensorFlow Securely + +Before using TensorFlow, please take a look at our security model, list of +recent security announcements, and ways you can report security issues to the +TensorFlow team at the +[https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md](Using +TensorFlow Securely) page on GitHub. |