Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set a security policy #2142

Merged
merged 2 commits into from
Nov 14, 2023
Merged

Set a security policy #2142

merged 2 commits into from
Nov 14, 2023

Conversation

pnacht
Copy link
Contributor

@pnacht pnacht commented Nov 13, 2023

What does this PR do?

Fixes #2141

This PR sets a simple security policy for Keras CV. It is almost identical to the one used by keras-team/keras.

It currently offers two avenues to report vulnerabilities:

  • an email (currently just a placeholder!)
  • GitHub's private reporting feature

If you'd rather just use one of these, let me know and I'll modify the policy. Or, if you think /tf-keras's Tensorflow-based policy is a better fit, I can use it here as well. (I admit I'm not 100% sure which repos are still tied to TF and which aren't...)

Before submitting

  • This PR fixes a typo or improves the docs (you can dismiss the other checks if that's the case).
  • Did you read the contributor guideline,
    Pull Request section?
  • Was this discussed/approved via a Github issue? Please add a link
    to it if that's the case.
  • Did you write any new necessary tests?
  • If this adds a new model, can you run a few training steps on TPU in Colab to ensure that no XLA incompatible OP are used?

Who can review?

@divyashreepathihalli, @sampathweb (from the template)

@pnacht
Add security policy
bb8bac8 
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
mattdangerw
mattdangerw reviewed Nov 14, 2023
View reviewed changes
SECURITY.md
You may submit the report in the following ways:

- send an email to ???@???; and/or
- send a [private vulnerability report](https://github.com/keras-team/keras-cv/security/advisories/new)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would actually just vote for just this latter option here. Seems simpler, and that we don't have to maintain a separate email address for this.

Is there a downside?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pnacht as to the question about the right mental model for keras-cv and keras-nlp, they can be thought of as equivalent to keras-team/keras at least from this perspective. Maintained by the Keras team directly, supporting TF but not under the TF umbrella for maintenance/contribution.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would actually just vote for just this latter option here. Seems simpler, and that we don't have to maintain a separate email address for this.

Is there a downside?

Done. And nope, no downside. Just remember to actually enable the advisories in the repo Settings > "Code security & analysis"!

@pnacht as to the question about the right mental model for keras-cv and keras-nlp, they can be thought of as equivalent to keras-team/keras at least from this perspective. Maintained by the Keras team directly, supporting TF but not under the TF umbrella for maintenance/contribution.

Gotcha. Thanks for the info.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Enabled the reporting now. Thanks!

@pnacht
Only use private vuln report
342ce4b 
Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
@mattdangerw
Copy link
Member

@pnacht can you make a sibling PR for keras-nlp? Thank you!

@mattdangerw mattdangerw merged commit cbd34f0 into keras-team:master Nov 14, 2023
6 of 9 checks passed
divyashreepathihalli added a commit that referenced this pull request Nov 14, 2023
@divyashreepathihalli @pnacht
merge master to branch (#2146)
3385708 
* Set a security policy (#2142)

* Add security policy

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Only use private vuln report

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* add Random ops shim (#2145)

* add Random ops shim

* update random opss

* handle None case

* change seed handeling

* undo changes

* undo changes

* undo

* update int_seed

* change int to init

* update init_seed everywhere

* add kwargs

* undo bial

* code reformat

* remove dtype

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Co-authored-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
This was referenced Nov 16, 2023
Merged
Closed
@pnacht pnacht mentioned this pull request Dec 21, 2023
Merged
5 tasks
@pnacht pnacht mentioned this pull request Dec 29, 2023
Closed
yuvraj-wale pushed a commit to yuvraj-wale/keras-cv that referenced this pull request Feb 8, 2024
@pnacht @yuvraj-wale
Set a security policy (keras-team#2142)
e3f846c 
* Add security policy

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Only use private vuln report

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattdangerw mattdangerw mattdangerw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add a security policy
2 participants
@pnacht @mattdangerw