Loop in project maintainers before publishing advisories reported by third parties #4325
AkihiroSuda
started this conversation in Ideas
Currently, some advisories seem to be published without looping in project maintainers.
This is problematic because an advisory submitted by a third party may contain misunderstandings and may result in false alerts being sent to users.
In the worst case, an advisory may also contain a malicious suggestion that would actually decrease security.
I'd suggest that GitHub make some attempt to loop in project maintainers before publishing advisories.
This will also be beneficial in reducing zero-day attacks.