1.7 KiB
Vulnerability Management
Reporting Vulnerabilities
As mentioned in the security policy, security vulnerabilities may be reported privately to the project via GitHub.
Vulnerability Management Team
Once a vulnerability has been reported to the project, the Vulnerability Management Team (VMT) is responsible for managing the vulnerability. The VMT is responsible for:
- Triaging the vulnerability.
- Coordinating with reporters and project maintainers on vulnerability analysis and resolution.
- Drafting of security advisories for confirmed vulnerabilities, as appropriate.
- Coordination with project maintainers on a coordinated release of the fix and security advisory.
Security Advisories
Advisories are published via GitHub through the same system used to report vulnerabilities. More information on the process can be found in the GitHub documentation.
Team Members
We prefer to keep all vulnerability-related communication on the security report on GitHub. However, if you need to contact the VMT directly for an urgent issue, you may contact the following individuals:
- Simon Mo - simon.mo@hey.com
- Russell Bryant - rbryant@redhat.com
Slack Discussion
You may use the #security channel in the VLLM Slack
to discuss security-related topics. However, please do not disclose any
vulnerabilities in this channel. If you need to report a vulnerability, please
use the GitHub security advisory system or contact a VMT member privately.