floofloof@lemmy.ca to Technology@lemmy.mlEnglish · 4 months agoDev rejects CVE severity, makes his GitHub repo read-onlywww.bleepingcomputer.comexternal-linkmessage-square17fedilinkarrow-up195arrow-down13cross-posted to: programming@programming.devcybersecurity@sh.itjust.works
arrow-up192arrow-down1external-linkDev rejects CVE severity, makes his GitHub repo read-onlywww.bleepingcomputer.comfloofloof@lemmy.ca to Technology@lemmy.mlEnglish · 4 months agomessage-square17fedilinkcross-posted to: programming@programming.devcybersecurity@sh.itjust.works
minus-squarejohnyma22@lemmy.mllinkfedilinkarrow-up4·4 months agoSecurity related issues should go through responsible disclosure and it’s up to the maintainer to provide such a process or the recently flurry of “opportunistic whitehats” will continue to spam your issues and require triaging… Github provides a process for this under the “Security” tab: https://github.com/ether/etherpad-lite/security as an example… I find that by having a documented process it filters out a decent amount of time wasters.
Security related issues should go through responsible disclosure and it’s up to the maintainer to provide such a process or the recently flurry of “opportunistic whitehats” will continue to spam your issues and require triaging…
Github provides a process for this under the “Security” tab: https://github.com/ether/etherpad-lite/security as an example…
I find that by having a documented process it filters out a decent amount of time wasters.