johnyma22@lemmy.ml to Technology@lemmy.ml • Dev rejects CVE severity, makes his GitHub repo read-only (4 months ago)

Security-related issues should go through responsible disclosure and it’s up to the maintainer to provide such a process or the recent flurry of “opportunistic whitehats” will continue to spam your issues and require triaging…

GitHub provides a process for this under the “Security” tab: https://github.com/ether/etherpad-lite/security as an example…

I find that by having a documented process it filters out a decent amount of time wasters.
johnyma22@lemmy.ml to Technology@lemmy.ml • Google is ready to fill free streaming TV channels with ads (5 months ago)