If you discover a security vulnerability in this project, please report it responsibly using GitHub's private vulnerability reporting feature.
Do not report security vulnerabilities through public GitHub issues.
- Navigate to the Security tab of this repository
- Click "Report a vulnerability"
- Provide a detailed description of the vulnerability, including:
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (if applicable)
For detailed instructions on privately reporting a security vulnerability, see GitHub's documentation.
If you have questions about the vulnerability or need to start a conversation about it, please contact ospo@tenstorrent.com directly.
- Report: Submit a vulnerability report through GitHub's Security tab
- Acknowledgment: Tenstorrent will respond within 2 business days
- Triage: Our team will assess the issue and update its priority and risk level
- Fix Development: A fix will be developed in a private branch, with reporter feedback when possible
- Disclosure: A security advisory will be published once the fix is patched and merged to the main branch
Thank you for helping keep this project and our users safe!