On GitHub, it's pretty straightforward to request a CVE after a security advisory through their own security page. However, BitBucket isn't a CNA... If an open-source repo owner wanted to request a CVE, is cloning onto GitHub an option or is requesting through MITRE (CNA-LR) a better choice? I understand MITRE has quite a long wait-time.
[link] [comments]
from hacking: security in practice https://ift.tt/pAxDIoN
Comments
Post a Comment