Please add a security policy on how to report security issues #1278
Comments
Maybe at least consider pointing to https://openai.com/policies/coordinated-vulnerability-disclosure-policy
Hey thanks, this is a good call-out. We'll discuss internally. For now that link should work. For SDK-specific vulns, you can also email security@stainlessapi.com.
What are some places you would expect to find this in a library like this?
Typically there is a security.md policy file you define as part of the repo. GitHub has some instructions here on how to set that up: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository. Once set up, it'll show up here: https://github.com/openai/openai-python/security. But it would also be beneficial to change the issues template to point folks to the security policy to report any vulnerabilities.
Ah, terrific – we'll get that set up next week! Thank you so much @ericwb!
Confirm this is a feature request for the Python library and not the underlying OpenAI API.
Describe the feature or improvement you're requesting
Please add a security policy to this GitHub repo. I can't find any information on how to report security issues in private. Using the issue tracker would be undesirable as it could zero-day some exploits reported.
Additional context
For example, these issues really should have been reported privately: