The Central Security Project: Vulnerability Reporting for Open Source Java
1 min read
Mar 28, 2019
When a security researcher finds a security bug, what do they do? Unfortunately, the answer sometimes is they search for the appropriate people to notify and, when they can’t be found, end up posting the vulnerability to public email lists, the GitHub project, or even Twitter.
This is the problem that security platform HackerOne and software supply chain management tool Sonatype have teamed up to solve with The Central Security Project, a new effort that “brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components,” according to a statement.
The link for this article located at TheNewStack is no longer available.
Related Articles
1 - 0 min read
xz-style Attacks Continue to Target Open-Source Maintainers
1 - 0 min read
Hacked VMs Reveal New Attack Risks
1 - 0 min read
Growth in Open Source Use Among Businesses Analyzed
