undefined | Better HN

0 pointspatmorgan232y ago0 comments

There are "security researchers" who grep GitHub for the words 'password' or 'secret' and blindly file CVE's if they find any hits.

0 comments

and those CVEs are rejected or revoked. There are bad actors everywhere; they're not a good excuse to stop trying.

There are -many- software vendors and developers that wont accept or even respond to security researchers. You are absolutely correct.

j / k navigate · click thread line to collapse

0 pointspatmorgan232y ago0 comments

There are "security researchers" who grep GitHub for the words 'password' or 'secret' and blindly file CVE's if they find any hits.

and those CVEs are rejected or revoked. There are bad actors everywhere; they're not a good excuse to stop trying.

There are -many- software vendors and developers that wont accept or even respond to security researchers. You are absolutely correct.

j / k navigate · click thread line to collapse