llama-stack icon indicating copy to clipboard operation
llama-stack copied to clipboard

Published 20 hours ago verified publisher icon meta-llama

Missing Security Policy

Open avioligo opened this issue 1 year ago • 0 comments

Hi dear team! I love your work.

I wanted to ask, how should one report about security bugs / vulnerabilities? I would like to report a security vulnerability that I have identified.

I have noticed this project has already 11K monthly downloads (was only 3K a few weeks ago). This repository still does not have SECURITY.MD or a proper Security section in the docs, on how to report issues / what is the scope. In other projects (like TorchServe) I used to contact Meta's security teams, but I am not sure what is the policy of meta-llama organization. It might be a good time to create these processes.

Thanks in advance!

avioligo avatar Aug 26 '24 10:08 avioligo