Technology @lemmy.ml floofloof @lemmy.ca 4 mo. ago

Dev rejects CVE severity, makes his GitHub repo read-only

www.bleepingcomputer.com Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their pr...

Hacker News @lemmy.smeargle.fans bot @lemmy.smeargle.fans

BOT

4 mo. ago

Dev rejects CVE severity, makes his GitHub repo read-only

www.bleepingcomputer.com /news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Programming @programming.dev AnActOfCreation @programming.dev 4 mo. ago

Dev rejects CVE severity, makes his GitHub repo read-only

www.bleepingcomputer.com /news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

Cybersecurity @sh.itjust.works Nemeski @lemm.ee 4 mo. ago

Dev rejects CVE severity, makes his GitHub repo read-only

www.bleepingcomputer.com /news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/

You're viewing a single thread.

17 comments

Security related issues should go through responsible disclosure and it's up to the maintainer to provide such a process or the recently flurry of "opportunistic whitehats" will continue to spam your issues and require triaging..

Github provides a process for this under the "Security" tab: https://github.com/ether/etherpad-lite/security as an example..

I find that by having a documented process it filters out a decent amount of time wasters.

You've viewed 17 comments.