Hewlett Packard Enterprise (HPE) takes the security of our software products and services seriously. This includes the SustainCluster benchmark and all related source code repositories managed by HPE. We appreciate the efforts of security researchers and the community in helping us maintain a high standard of security.
If you believe you have found a security vulnerability in the SustainCluster project, we encourage you to report it to us privately, following the guidelines below.
Please do not report security vulnerabilities through public GitHub issues, discussions, or other public forums.
Instead, please report potential security vulnerabilities to the Hewlett Packard Enterprise Product Security Incident Response Team (HPE PSIRT) through one of the following methods:
- Email: security-alert@hpe.com or security@hpe.com
- Web Portal: https://www.hpe.com/info/report-security-vulnerability
You should receive an acknowledgment of your report, typically within 24 business hours. If you do not receive a response within a reasonable timeframe, please follow up to ensure your original message was received.
For more information on HPE's approach to product security and vulnerability disclosure, please visit https://support.hpe.com/hpesc/public/docDisplay?docId=a00100637en_us&docLocale=en_US.
To help us triage and validate your report more effectively, please include the following information (as much as you can provide):
- Type of issue (e.g., remote code execution, data exposure, cross-site scripting, denial of service, etc.).
- The specific repository name (i.e., SustainCluster).
- Full paths of the source file(s) related to the vulnerability.
- The location of the affected source code (e.g., tag, branch, commit hash, or direct URL to the code).
- Any special configuration or specific setup required to reproduce the issue.
- Step-by-step instructions to reproduce the vulnerability.
- Proof-of-concept or exploit code (if possible and safe to share).
- The potential impact of the issue, including how an attacker might exploit it.
This information will help us understand the nature and scope of the possible issue more quickly.
We prefer all communications to be in English.
HPE is committed to practicing responsible Coordinated Vulnerability Disclosure (CVD). We aim to work with finders to ensure vulnerabilities are remediated and disclosed in a way that minimizes risk to users and the ecosystem.
Thank you for helping keep SustainCluster and HPE software secure.