The MLASTG project takes security seriously. We appreciate your efforts to responsibly disclose security issues and vulnerabilities in this framework.
This is a documentation/framework project. Reportable security issues include:
- Incorrect security guidance — Test procedures or controls that would lead security professionals to miss real vulnerabilities
- Dangerous code samples — Python test scripts that contain unsafe or exploitable code if run in production contexts
- Supply chain issues — Compromised dependencies in
requirements.txtor CI/CD workflow files - Misinformation — Incorrect MITRE ATLAS technique IDs, CVSS scores, or framework references that could mislead practitioners
Do not open a public GitHub issue for security vulnerabilities.
Please report security issues using one of these methods:
- GitHub Private Vulnerability Reporting (preferred): Use the Security tab to submit a private advisory
- Email: Send details to vignesh4303@gmail.com
When reporting, please provide:
- A description of the issue and its potential impact
- The specific file(s) and line number(s) affected
- A recommendation for the correct information or fix
- Your GitHub handle (for attribution in the fix, if desired)
| Severity | Response | Fix Target |
|---|---|---|
| Critical (dangerous code/guidance) | 24 hours | 48 hours |
| High (significant misinformation) | 72 hours | 1 week |
| Medium (minor inaccuracies) | 1 week | Next release |
| Version | Status |
|---|---|
| 0.1 (Draft) | ✅ Actively maintained |
We thank all security researchers who responsibly disclose issues. Contributors who report valid security issues will be acknowledged in the project's release notes (unless anonymity is requested).
- Issues in third-party tools referenced by MLASTG (report to respective projects)
- General requests for new test cases or controls (open a regular issue)
- Disagreements with security opinions or methodology choices (open a discussion)