Moaz Reyad created SINGA-417:
--------------------------------
Summary: Adding security channel
Key: SINGA-417
URL: https://issues.apache.org/jira/browse/SINGA-417
Project: Singa
Issue Type: New Feature
Components: Documentation
Reporter: Moaz Reyad
According to the [Apache Project Maturity
Model|https://community.apache.org/apache-way/apache-project-maturity-model.html]:
??QU30: The project provides a well-documented, secure and private channel to
report security issues, along with a documented way of responding to them.??
??Apache projects can just point to [http://www.apache.org/security/] or use
their own security contacts page, which should also point to that.??
This issue can be solved simply by adding a link to Apache Security page to
SINGA website.
However, I would also suggest to :
# create a sub team in SINGA (even starting with one person) for security
# ask for an email security@singa.apache for project security contacts
# create a new page for security in SINGA website
# add SINGA security team (page and email) to [ASF Project Security
Information page|https://www.apache.org/security/projects.html]
Machine learning systems like SINGA may work with sensitive data (e.g. medical
data, finance, etc.) and SINGA provides distributed training where data and
models can be shared in a network. If SINGA security team provides details to
ensure the best security practices, this can be an important feature to show in
SINGA now or in a future release.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
