This is an automated email from the ASF dual-hosted git repository.
marcoabreu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-mxnet.git
The following commit(s) were added to refs/heads/master by this push:
new 2127f75 Add instructions to report a security vulnerability (#16383)
2127f75 is described below
commit 2127f75b3d5e48e8215eaf6204829505e436983e
Author: Marco de Abreu <[email protected]>
AuthorDate: Mon Oct 7 15:37:49 2019 +0200
Add instructions to report a security vulnerability (#16383)
---
docs/static_site/src/pages/api/faq/security.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/docs/static_site/src/pages/api/faq/security.md
b/docs/static_site/src/pages/api/faq/security.md
index ead7fa1..5448146 100644
--- a/docs/static_site/src/pages/api/faq/security.md
+++ b/docs/static_site/src/pages/api/faq/security.md
@@ -23,6 +23,23 @@ permalink: /api/faq/security
<!--- specific language governing permissions and limitations -->
<!--- under the License. -->
+# Reporting a security vulnerability
+The Apache Software Foundation takes a very active stance in eliminating
security problems and denial of service attacks against its products.
+
+We strongly encourage folks to report such problems to our private security
mailing list first, before disclosing them in a public forum.
+
+Please note that the security mailing list should only be used for reporting
undisclosed security vulnerabilities and managing the process of fixing such
vulnerabilities. We cannot accept regular bug reports or other queries at this
address. All mail sent to this address that does not relate to an undisclosed
security problem in our source code will be ignored.
+
+
+Questions about:
+* if a vulnerability applies to your particular application
+* obtaining further information on a published vulnerability
+* availability of patches and/or new releases
+should be addressed to the users mailing list. Please see the [mailing lists
page](/community/contribute#mxnet-dev-communications) for details of how to
subscribe.
+
+The private security mailing address is: <a
href="mailto:[email protected]">[email protected]</a> <i class="far
fa-envelope">. Feel free to consult the general [Apache Security
guide](http://www.apache.org/security/) for further details about the reporting
process.
+
+
# MXNet Security Best Practices
MXNet framework has no built-in security protections. It assumes that the
MXNet entities involved in model training and inferencing (hosting) are fully
trusted. It also assumes that their communications cannot be eavesdropped or
tampered with. MXNet consumers shall ensure that the above assumptions are met.
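Review bot: The `<i class="far fa-envelope">` element on the added "The private security mailing address is:" line is never closed, so the rest of that paragraph ("Feel free to consult the general Apache Security guide ...") ends up inside the icon element; close it with `</i>` directly after the opening tag. In the "Questions about:" list, "should be addressed to the users mailing list" follows the last bullet with no blank line, so Markdown will render it as a continuation of the "availability of patches and/or new releases" item; put a blank line before it or reword the sentence so it does not depend on the list. The Apache Security guide link uses `http://`; for a page that tells reporters where to send undisclosed vulnerabilities, link to `https://www.apache.org/security/` instead.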