
[FEEDBACK]: Include MLOps vulnerabilities somewhere in the Supply Chain Security category

Open mik0w opened this issue 1 year ago • 3 comments

Type

Suggestions for Improvement

What would you like to report?

Context

One of the parts of the supply chain in modern ML systems is MLOps software, e.g. MLFlow, Prefect etc. Those systems are vulnerable to classic web-based attacks and they seem to be "misconfigured by default". I've described it here: https://hackstery.com/2023/10/13/no-one-is-prefect-is-your-mlops-infrastructure-leaking-secrets/ or here: https://github.com/logspace-ai/langflow/issues/1145

Suggestion for improvement

I'd suggest including MLOps-related vulnerabilities in ML06 (or maybe in some other categories as well? I am open to suggestions).

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

mik0w avatar Nov 17 '23 10:11 mik0w