Coordinated Vulnerability Disclosure

Shannon Sabens of CrowdStrike chats with Madison Oliver of GitHub Security Lab about the recent release of OpenSSF’s “Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects” document and the important step of obtaining a CVE ID in the coordinated vulnerability disclosure process for open-source vulnerabilities. OpenSSF is a “cross-industry organization that brings together the industry’s most important open source security initiatives and ...