floofloof@lemmy.ca to Technology@lemmy.ml · 4 days ago: Dev rejects CVE severity, makes his GitHub repo read-only (www.bleepingcomputer.com)
Cross-posted to: programming@programming.dev, cybersecurity@sh.itjust.works
johnyma22@lemmy.ml · 3 days ago:
Security-related issues should go through responsible disclosure and it’s up to the maintainer to provide such a process, or the recent flurry of “opportunistic whitehats” will continue to spam your issues and require triaging…
GitHub provides a process for this under the “Security” tab: https://github.com/ether/etherpad-lite/security as an example…
I find that by having a documented process it filters out a decent amount of time wasters.