Open JamieSlome opened 2 years ago
A few more...
https://huntr.dev/bounties/bd2fb1f1-cc8b-4ef7-8e2b-4ca686d8d614/
https://huntr.dev/bounties/49940dd2-72c2-4607-857a-1fade7e8f080/
https://huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324/
It would be nice if there is a checkbox / button "Issue" CVE for the "smaller" but eligible projects (distribution via npm, apt or Packagist and so on, but are too small for auto "generation" CVEs).
At the same time please also consider automation of the "Publishing" of the CVE after it has been "issued" / patched.
From an operational perspective, I spend a lot of time responding to requests to assign and publish CVEs against reports that have not automatically received one. Typically, the researcher requests one, and I need to get confirmation that the maintainer is happy to assign and publish a CVE. Less frequently, the maintainer gets in touch asking for a CVE to be assigned and published.
This is all orchestrated via the usage of @admin. It would be great to come up with a way to automate this via the platform, i.e. allowing the researcher to request a CVE directly from the maintainer, or allowing the maintainer to themselves assign and publish the CVE.