chiffa Posted December 15, 2022 Share Posted December 15, 2022 So, erm, we have accidentally discovered a pretty major vulnerability that can be used for abuse in an ML product (let's say a classifier between spam/not-spam or legitimate/illegitimate traffic) that allows a complete bypass. We have reached out to a vendor contact to report it, but haven't heard so far and the vulnerability doesn't fit the standard vulnerability framework, given that it's ML's team problem and does not fit MITRE classification (at least to my understanding). What do we do if we still don't hear from the vendor? Go public? Is it even classifiable as a vulnerability or a cyber-security issue? Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now