NEWSTech

GitHub doesn’t want users to name and shame security flaws any more

Low code

Audio player loading…

GitHub is allowing developers to notify their peers of discovered vulnerabilities – quietly. The company says this will avoid the “name and shame” game and prevent exploitations that might result from public disclosure.

In a blog post (opens in new tab) earlier this week, GitHub said given the way that platform is currently set up, sometimes there’s no other option but to disclose a vulnerability publicly – and before malware removal software can be deployed – alerting potential threat actors.

“Security researchers often feel responsible for alerting users to a vulnerability that could be exploited,” the blog reads. “If there are no clear instructions about contacting maintainers of the repository containing the vulnerability. It can potentially lead to a public disclosure of the vulnerability details.”

Private vulnerability reporting

To tackle the issue, GitHub has now introduced private vulnerability reporting – essentially a simple reporting form. 

When a developer tries to reach out to the maintainer of the affected vulnerability via Private vulnerability reporting, the latter can choose to either accept it, ask more questions, or reject it. 

“If you accept the report, you’re ready to collaborate on a fix for the vulnerability in private with the security researcher,” the post explains.

The Microsoft-owned platform also hopes this disclosure method will streamline troubleshooting efforts, since reports are dealt with in a single place. Furthermore, it gives maintainers the opportunity to discuss vulnerability details in private with security researchers and ultimately use patch management software to collaborate on a fix.

The repository’s community has welcomed the news, The Register (opens in new tab) reported. It spoke to multiple CTOs, technical engineers and threat hunters, all of which agree that such a feature was in high demand on GitHub.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock