ADDF security review process - AWS Prescriptive Guidance

ADDF security review process

Autonomous Driving Data Framework (ADDF) was built with security in mind. Before release to the public, AWS performed an initial, internal security review of ADDF and resolved any identified security issues. Both AWS and the open-source community contribute to ongoing security reviews of the framework.

Regular security reviews by AWS

ADDF is published under the awslabs GitHub organization, which is owned by AWS. AWS performs regular automatic and manual security reviews of the code in this organization to verify security on a best-effort basis. According to AWS policy, AWS doesn't disclose information about the security review frequency, approach, or tools used. Furthermore, AWS doesn't publish any internal audit reports about ADDF. However, any identified security findings are fixed and published through pull requests, with high urgency.

Note

ADDF as a framework is delivered on an 'AS-IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including without limitation, any warranties or conditions of title, non-infringement, merchantability, or fitness for a particular purpose, as stated in the Apache License 2.0 (GitHub). You should conduct your own security assessment of ADDF and verify whether it's compliant with your organization's specific security requirements and, as set forth in Apache License 2.0, you are solely responsible for determining the appropriateness of using or redistributing ADDF and assume any risks associated with your exercise of permissions under such license.

Open-source security reviews and contributions

ADDF is an open-source project that welcomes contributions. We invite all users to conduct their own security review of the framework and contribute by reporting any security-related findings. If you find an issue in the code, please follow the guidelines in Security issue notifications (ADDF documentation).