We actively support the following versions of Tensor Fusion with security updates:
| Version | Supported | 
|---|---|
| 1.x.x | ✅ | 
| < 1.0 | ✅ | 
We take the security of Tensor Fusion seriously. If you believe you have found a security vulnerability in our GPU virtualization and pooling solution, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: [email protected]
If you prefer, you can also contact us through our support channel: [email protected]
Please include the following information in your report:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
- Initial Response: We will acknowledge receipt of your vulnerability report within 48 hours.
- Assessment: We will provide an initial assessment within 5 business days.
- Resolution: We aim to resolve critical vulnerabilities within 30 days, and other vulnerabilities within 90 days.
We kindly ask that you:
- Give us reasonable time to investigate and mitigate an issue before making any information public
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services
- Only interact with accounts you own or with explicit permission of the account holder
Tensor Fusion handles sensitive GPU resources and workloads. Key security considerations include:
- Isolation: GPU workloads are isolated between different tenants
- Authentication: All API access requires proper authentication
- Authorization: Role-based access control (RBAC) for different operations
- Encryption: Data in transit is encrypted using TLS 1.3
- Audit Logging: All administrative actions are logged for security monitoring
When deploying Tensor Fusion in Kubernetes:
- Use proper RBAC configurations
- Ensure network policies are in place
- Keep Kubernetes cluster updated
- Use secure container images
- Implement pod security standards
Our Enterprise features include additional security measures:
- Encryption at Rest: GPU context and model data encryption
- SSO/SAML Support: Integration with enterprise identity providers
- Advanced Audit: Comprehensive audit trails
- Compliance: SOC2 and other compliance reports available
Security updates will be released as patch versions and communicated through:
- GitHub Security Advisories
- Release notes
- Email notifications to enterprise customers
- Discord announcements: https://discord.gg/2bybv9yQNk
- Regularly update Tensor Fusion to the latest version
- Monitor security advisories and apply patches promptly
- Use strong authentication mechanisms
- Implement proper network segmentation
- Regular security audits of your deployment
- Follow secure coding practices when contributing
- Run security scans on your code changes
- Report any suspicious behavior or potential vulnerabilities
- Keep dependencies updated
For security-related questions or concerns:
- Security Team: [email protected]
- General Support: [email protected]
- Enterprise Support: Available for licensed users
Note: This security policy applies to the open-source components of Tensor Fusion. Enterprise features may have additional security policies and procedures. Please contact us for enterprise-specific security information.