How to properly disclose security issues?

About a month back, I reported what I think is a security issue in the tensorflow/models repository. I disclosed this bug via as they had previous submissions to the repository. The security policy of the repository states that the security team gets back within 24 hours but it’s been a month and I haven’t heard back from them. The members at were kind enough to leave the following comment but I was wondering if there was a better way to do this. Thanks 😀

submitted by /u/whokilleddb
[visit reddit] [comments]

Leave a Reply

Your email address will not be published. Required fields are marked *