Skip to content

Security: NVIDIA/NeMo-Aligner

Security

SECURITY.md

Security

NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories managed through our organization.

If you need to report a security issue, please use the appropriate contact points outlined below. Please do not report security vulnerabilities through GitHub.

Reporting Potential Security Vulnerability in an NVIDIA Product

To report a potential security vulnerability in any NVIDIA product:

  • Web: Security Vulnerability Submission Form
  • E-Mail: psirt@nvidia.com
    • We encourage you to use the following PGP key for secure email communication: NVIDIA public PGP Key for communication
    • Please include the following information:
      • Product/Driver name and version/branch that contains the vulnerability
    • Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
      • Instructions to reproduce the vulnerability
      • Proof-of-concept or exploit code
      • Potential impact of the vulnerability, including how an attacker could exploit the vulnerability

While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when an externally reported security issue is addressed under our coordinated vulnerability disclosure policy. Please visit our Product Security Incident Response Team (PSIRT) policies page for more information.

NVIDIA Product Security

For all security-related concerns, please visit NVIDIA's Product Security portal at https://www.nvidia.com/en-us/security

There aren’t any published security advisories