The Apache Software Foundation takes a very active stance in eliminating security problems with its projects. If you have any security concerns regarding Apache SystemDS™, or believe you have uncovered a vulnerability or potential threat, contact the Apache Security Team at security@apache.org. Include a description of the issue and try to provide steps to reproduce the problem. The Apache SystemDS™ Community and the Apache Security Team take security issues very seriously and will respond.
Note the general Apache Security mailing address security@apache.org is private and should be used only for undisclosed vulnerabilities. Please report any security problems to Apache Security Team before disclosing it publicly.
The ASF Security team maintains a page with a description of how vulnerabilities and potential threats are handled. Refer to their security page for more information.