Update security md #2798

Merged
merged 8 commits into from
Jun 5, 2024
89 changes: 84 additions & 5 deletions SECURITY.md
@@ -1,12 +1,91 @@
<!--
******************************************************************************
* Copyright 2023 Intel Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/-->

# Security Policy

As an open-source project, we understand the importance of and responsibility
for security. This Security Policy outlines our guidelines and procedures to
ensure the highest level of security and trust for Intel(R) oneAPI Data Analytics Library.

## Supported Versions

Security vulnerabilities are fixed in the [latest version][1]
and delivered as a patch release. We don't guarantee security fixes to be
back-ported to older Intel(R) oneAPI Data Analytics Library versions.

## Report a Vulnerability

Please report security issues or vulnerabilities to the [Intel® Security Center].
We are very grateful to the security researchers and users that report back
security vulnerabilities. We investigate every report thoroughly.
We strongly encourage you to report security vulnerabilities to us privately,
before disclosing them on public forums or opening a public GitHub* issue.

Report a vulnerability to us in one of two ways:

* Open a draft **[GitHub* Security Advisory][2]**
* Send an e-mail to: **security@uxlfoundation.org**.

Along with the report, provide the following info:

* A descriptive title.
* Your name and affiliation (if any).
* A description of the technical details of the vulnerabilities.
* A minimal example of the vulnerability so we can reproduce your findings.
* An explanation of who can exploit this vulnerability, and what they gain
doing so.
* Whether this vulnerability is public or known to third parties. If it is,
provide details.

### When Should I Report a Vulnerability?

* You think you discovered a potential security vulnerability in Intel(R) oneAPI Data Analytics Library.
* You are unsure how the potential vulnerability affects Intel(R) oneAPI Data Analytics Library.
* You think you discovered a vulnerability in another project or 3rd party
component on which Intel(R) oneAPI Data Analytics Library depends. If the issue is not fixed in the 3rd party
component, try to report directly there first.

### When Should I NOT Report a Vulnerability?

* You got an automated scan hit and are unable to provide details.
* You need help using Intel(R) oneAPI Data Analytics Library for security.
* You need help applying security-related updates.
* Your issue is not security-related.

## Security Reports Review Process

We aim to respond quickly to your inquiry and coordinate a fix and
disclosure with you. All confirmed security vulnerabilities will be addressed
according to severity level and impact on Intel(R) oneAPI Data Analytics Library. Normally, security issues are fixed in the next planned release.

## Disclosure Policy

We will publish security advisories using the
[**GitHub Security Advisories feature**][3]
to keep our community well-informed, and will credit you for your findings
unless you prefer to stay anonymous. We request that you refrain from
exploiting the vulnerability or making it public before the official disclosure.

We will disclose the vulnerabilities and bugs as soon as possible once
mitigation is implemented and available.

For more information on how Intel® works to resolve security issues, see
[Vulnerability Handling Guidelines].
## Feedback on This Policy

[Intel® Security Center]:https://www.intel.com/security
If you have any suggestions on how this Policy could be improved, submit
an issue or a pull request to this repository. **Do not** report
potential vulnerabilities or security flaws via a pull request.

[Vulnerability Handling Guidelines]:https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html
[1]: https://github.com/oneapi-src/oneDAL/releases
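
Review bot: the reference-style links `[2]` (on the "Open a draft GitHub* Security Advisory" bullet) and `[3]` (on "GitHub Security Advisories feature" under Disclosure Policy) have no definition in the lines shown, which end at `[1]: https://github.com/oneapi-src/oneDAL/releases`. If they are not defined further down the file, both will render as literal bracket text and reporters lose the link to the private advisory form, so please add the two definitions next to `[1]`. A second point in the "Report a Vulnerability" section: this rendering shows both the sentence "Please report security issues or vulnerabilities to the [Intel® Security Center]" and the new two-channel list (draft advisory or security@uxlfoundation.org). If that sentence is not among the 5 deletions, the policy names conflicting intake paths, so confirm that only one set of reporting destinations remains in the merged text.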