oneMKL Adopt Vulnerability Policy (Security.md)

[rozhukov]

1. Adopt Public Security Policy (Security.md file) to UXL.
   (!) There is no Security.md file for oneMKL at all: https://github.com/oneapi-src/oneMKL?tab=security-ov-file
   You can use oneDNN as an example: Security.md
   Pay attention to Supported Versions section, it may vary based on your Support policy.
   Please add @rozhukov to the reviewers list.

2. Enable Private Vulnerability reporting
   GitHub Security tab -> Enable Vulnerability Reporting

[vmalia]

@rozhukov you can assign this one to me.

[rozhukov]

@vmalia I thought it's WIP already. Please let me know once done. Thx.

[vmalia]

@rozhukov
I have maintainer permissions for the oneMKL project but cannot see the "Private Vulnerability Reporting" option.

Verified the same with another maintainer. Is there something else that needs to be configured for this option to appear?

[rozhukov]

@rozhukov I have maintainer permissions for the oneMKL project but cannot see the "Private Vulnerability Reporting" option.

Verified the same with another maintainer. Is there something else that needs to be configured for this option to appear?

Yes, you should be either owner or admin. With our internal Intel guidance I advised it many times to get added to owner-* GitHub teams. I think it'd make sense to re-evaluate access permissions and roles ones migration to UXL-owned org is done.