[FEEDBACK]: Make ML06 more precise and with more Attack Scenarios #117
mik0w
announced in
Machine Learning Security Topics
Replies: 1 comment
-
Hi @mik0w, fantastic feedback. Just FYI that we are in the middle of refactoring this one as per #110 as well to rename the risk type.
0 replies
-
Type: Suggestions for Improvement
What would you like to report?
Re-thinking and re-writing ML06 - corrupted packages
The description of ML05 is quite limited given how complicated the software supply chains are, especially those related to ML-using software.
In the summary of the vulnerability it is written: "This type of attack can be particularly dangerous as it can go unnoticed for a long time, since the victim may not realize that the package they are using has been compromised. The attacker's malicious code could be used to steal sensitive information, modify results, or even cause the machine learning model to fail." Meanwhile, in the Detectability section under Risk Factors it says that it's easy to detect this kind of vulnerability.
What is more, there's nothing said about countermeasures such as SBOM/MLBOM etc. in the description of this vulnerability. In my opinion that should be included.
There are plenty of resources that should be analyzed and used for the description of this specific vulnerability:
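The post above raises two points that fit together: a corrupted package "can go unnoticed for a long time", yet the risk factors call it easy to detect. Both are true depending on whether the deployment has an integrity manifest to check against. The following is an added example written by the editor, not code from the OWASP project or from the poster: a minimal SBOM/MLBOM-style integrity check that records the SHA-256 of each package and model artifact at build time and later reports replaced, missing, or unlisted components. The component shape is a simplified assumption loosely modelled on CycloneDX's `hashes` entries, not a full CycloneDX implementation, and all artifact bytes are constructed sample data, not real wheels or model files.

```python
"""Minimal SBOM/MLBOM-style integrity check for ML packages and model artifacts.

Assumed, simplified component shape (loosely modelled on CycloneDX JSON,
not a complete implementation of that format):
    {"name": "torch", "version": "2.1.0", "hashes": {"SHA-256": "<hex>"}}
"""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(artifacts: Dict[str, bytes], versions: Dict[str, str]) -> List[dict]:
    """Record name, version and SHA-256 of every artifact at build time.

    This is the trusted reference; it must be produced before deployment and
    stored somewhere the deployment host cannot silently rewrite.
    """
    return [
        {"name": name, "version": versions[name], "hashes": {"SHA-256": sha256_hex(data)}}
        for name, data in sorted(artifacts.items())
    ]


def verify_manifest(manifest: List[dict], artifacts: Dict[str, bytes]) -> List[str]:
    """Compare what is actually present against the manifest.

    Returns a list of findings; an empty list means everything matched.
    Three conditions are reported: a hash mismatch (corrupted or replaced
    artifact), a component listed in the manifest but absent, and an artifact
    present that no manifest entry covers (e.g. a typosquatted dependency).
    """
    findings: List[str] = []
    listed = set()
    for comp in manifest:
        name = comp["name"]
        listed.add(name)
        if name not in artifacts:
            findings.append(f"missing: {name}=={comp['version']}")
            continue
        expected = comp["hashes"]["SHA-256"]
        actual = sha256_hex(artifacts[name])
        if actual != expected:
            findings.append(
                f"hash mismatch: {name}=={comp['version']} "
                f"expected {expected[:12]}... got {actual[:12]}..."
            )
    for name in sorted(set(artifacts) - listed):
        findings.append(f"unlisted: {name}")
    return findings


# Constructed sample inputs (not real package contents): the artifacts a
# build produced and that a deployment is later expected to have on disk.
CLEAN_ARTIFACTS = {
    "numpy": b"numpy wheel contents (constructed)",
    "torch": b"torch wheel contents (constructed)",
    "model.pkl": b"\x80\x04model weights pickle (constructed)",
}
VERSIONS = {"numpy": "1.26.0", "torch": "2.1.0", "model.pkl": "2024-01-15"}

# The same deployment after a hypothetical supply-chain compromise: the model
# pickle has extra bytes appended and an unlisted package has appeared.
TAMPERED_ARTIFACTS = dict(CLEAN_ARTIFACTS)
TAMPERED_ARTIFACTS["model.pkl"] = CLEAN_ARTIFACTS["model.pkl"] + b"<injected bytes>"
TAMPERED_ARTIFACTS["evil-helper"] = b"typosquatted package (constructed)"


def run_demo():
    """Return findings for the clean and the tampered deployment."""
    manifest = build_manifest(CLEAN_ARTIFACTS, VERSIONS)
    return verify_manifest(manifest, CLEAN_ARTIFACTS), verify_manifest(manifest, TAMPERED_ARTIFACTS)


if __name__ == "__main__":
    clean, tampered = run_demo()
    print("clean deployment:", clean or "OK")
    print("tampered deployment:")
    for finding in tampered:
        print("  -", finding)
```

Without the manifest, the tampered `model.pkl` is indistinguishable from the original by name and version alone, which is the "unnoticed for a long time" case; with it, the mismatch is a one-line check, which is the "easy to detect" case. The check is only as strong as the manifest's provenance, so in practice it should be signed and fetched from a source the deployment host cannot modify.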