Enhance the pre-notification policy (#23532)

Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>
2025-10-20 06:03:50 +08:00 · 2025-08-27 00:41:36 +04:00
parent d696f86e7b
commit 2f13319f47
1 changed files with 5 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -42,4 +42,9 @@ For certain security issues of CRITICAL, HIGH, or MODERATE severity level, we ma

 * If you wish to be added to the prenotification group, please send an email copying all the members of the [vulnerability management team](https://docs.vllm.ai/en/latest/contributing/vulnerability_management.html). Each vendor contact will be analyzed on a case-by-case basis.

+* Organizations and vendors who either ship or use vLLM, are eligible to join the prenotification group if they meet at least one of the following qualifications
+    * Substantial internal deployment leveraging the upstream vLLM project.
+    * Established internal security teams and comprehensive compliance measures.
+    * Active and consistent contributions to the upstream vLLM project.
+
 * We may withdraw organizations from receiving future prenotifications if they release fixes or any other information about issues before they are public. Group membership may also change based on policy refinements for who may be included.