Juana and Sharard,
I understand the position of ODH community on reporting vulnerabilities. Just curious if this is something can be explicitly documented as a security policy in website or git repos.
Background: lacks of policy/guideline on vulnerabilities would be a deal breaker (for enterprise users like me). It’s an on-going discussion about vulnerabilities scan/report in the Kubeflow community. I just wonder if I can find some pointers from ODH community.