[bug] ChatQnA Security Assessment (It is not a Security Audit) #1220

Open
4 of 6 tasks
dehatideep opened this issue Dec 2, 2024 · 5 comments
@dehatideep

Priority

Undecided

OS type

Other (Please let us know in description)

Hardware type

CPU-other (Please let us know in description)

Installation method

  • Pull docker images from hub.docker.com
  • Build docker images from source

Deploy method

  • Docker compose
  • Docker
  • Kubernetes
  • Helm

Running nodes

Single Node

What's the version?

2b2c7ee

Description

ChatQnA security Assessment:
https://docs.google.com/document/d/1df20UOmqJ_30VW5i6MajxXbJn3KhwVHfxYo3oGt2W5o/edit?usp=sharing

Reproduce steps

See the security assessment details. These are based upon code reading.

Raw log

See the security assessment details. These are based upon code reading.
@dehatideep dehatideep added the bug Something isn't working label Dec 2, 2024
@dehatideep
Author

@arun-gupta
#1220

@feng-intel
Collaborator

@arun-gupta
Do you have comments?

@arun-gupta
Contributor

I was having a discussion with folks in the CNCF AI/ML working group. @dehatideep offered to help out with the security review of the OPEA samples. This is a result of that. That is all the context that I can provide.

It would be useful to look at these recommendations and see how we can improve the security of ChatQnA, and possibly other samples.

@xiguiw xiguiw self-assigned this Dec 17, 2024
@xiguiw
Collaborator

xiguiw commented Dec 17, 2024

@dehatideep

The assessment is really helpful!
Thank you @dehatideep!

We will review it carefully and take some actions.

BR,
Xigui

@xiguiw
Collaborator

xiguiw commented Dec 17, 2024

> I was having a discussion with folks in the CNCF AI/ML working group. @dehatideep offered to help out with the security review of the OPEA samples. This is a result of that. That is all the context that I can provide.
>
> It would be useful to look at these recommendations and see how we can improve the security of ChatQnA, and possibly other samples.

Yes, definitely we'll review these recommendations and improve GenAI examples, I believe not only ChatQnA, but also other examples.

4 participants