Is semantic-link-labs a secure framework backed by Microsoft security guarantees? #1065
-
|
Greetings, all. I have been exploring the use of semantic-link and semantic-link-labs but develop in an environment dealing with highly sensitive data. The open source/"labs" nature of SLL gives us pause when it comes to leveraging SLL in our environment, but I want to confirm this is actually true. Is semantic-link-labs backed by Microsoft security guarantees and/or secure enough to be used in environments with highly sensitive data? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Semantic Link is officially supported by Microsoft. Semantic Link Labs is an open-source library which makes functionality available more rapidly. Highly used/desired functions graduate from Semantic Link Labs to Semantic Link. The question of whether or not to use open source with regard to python libraries is a bit odd as pretty much every 'closed source' library leverages various open-source libraries. |
Beta Was this translation helpful? Give feedback.
-
|
@m-kovalsky, sorry for delayed reply. Was OOO. Appreciate the clarification. I have wondered about likely "closed source" dependencies on open source libraries. I definitely love the rapidity of new features being rolled out. The pause with open source had more to do with whether or not community contributions are vetted from a security standpoint in SLL or only when they get to SL. Given that SL and SLL both have functions (or wrap APIs) that interact with sensitive areas in a Fabric environment (e.g., connections and creds, authentication, data models), we didn't know if there were risk of alterations being made to SLL that somehow put any of those at risk of which we may not be aware. I'm assuming during the "graduation" process, that code is being vetted for potential security flaws on the MS side, but I didn't know if that applied to SLL or if that were more up to the community (and primary contributors like yourself). |
Beta Was this translation helpful? Give feedback.
-
|
I review all community contributions. That being said probably 99.x% of the code is written by me. Given that SLL is open source, you can see exactly what it is doing in regard to security etc. It’s all transparent for users to see. No community contributions are for modifying authentication - I won’t allow that. Community contributions are for adding/enhancing functionality and implementing bug fixes. |
Beta Was this translation helpful? Give feedback.
-
|
Appreciate the info and clarification. Very helpful. |
Beta Was this translation helpful? Give feedback.
I review all community contributions. That being said probably 99.x% of the code is written by me. Given that SLL is open source, you can see exactly what it is doing in regard to security etc. It’s all transparent for users to see. No community contributions are for modifying authentication - I won’t allow that. Community contributions are for adding/enhancing functionality and implementing bug fixes.