418sec / huntr

Public Roadmap | huntr.dev
https://huntr.dev

I spend a lot of my time manually assigning and publishing CVEs #2194

Open JamieSlome opened 2 years ago

JamieSlome commented 2 years ago

From an operational perspective, I spend a lot of time responding to requests to assign and publish CVEs against reports that have not automatically received one. Typically, the researcher requests one, and I need to get confirmation that the maintainer is happy to assign and publish a CVE. Less frequently, the maintainer gets in touch asking for a CVE to be assigned and published.

This is all orchestrated via the usage of @admin.

It would be great to come up with a way to automate this via the platform, i.e. allowing the researcher to request a CVE directly from the maintainer, or allowing the maintainer to themselves assign and publish the CVE.

JamieSlome commented 2 years ago

Reference

[Screenshot 2022-03-06 at 09:05:29]

JamieSlome commented 2 years ago

Reference: https://www.huntr.dev/bounties/cc3080e6-2f94-4f69-b558-db3b8ec7bd21/

[Screenshot 2022-03-07 at 10:25:20]

jaapmarcus commented 2 years ago

A few more...

https://huntr.dev/bounties/bd2fb1f1-cc8b-4ef7-8e2b-4ca686d8d614/
https://huntr.dev/bounties/49940dd2-72c2-4607-857a-1fade7e8f080/
https://huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324/

It would be nice if there were a checkbox / button "Issue CVE" for the "smaller" but eligible projects (distribution via npm, apt or packagist and so on), which are too small for auto-"generation" of CVEs.

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/44d40f34-c391-40c0-a517-12a2c0258149

[Screenshot 2022-03-08 at 13:28:42]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/708971a6-1e6c-4c51-a411-255caeba51df

[Screenshot 2022-03-09 at 14:57:20]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5

[Screenshot 2022-03-10 at 16:56:43]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/88ae4cbc-c697-401b-8b04-7dc4e03ad8eb

[Screenshot 2022-03-11 at 10:31:01]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/3cbbccbe-8d77-40ec-8efd-f0ca588787fa/

[Screenshot 2022-03-14 at 11:24:21]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/57635c78-303f-412f-b75a-623df9fa9edd/

[Screenshot 2022-03-15 at 11:19:49]

jaapmarcus commented 2 years ago

At the same time, please also consider automation of the "publishing" of the CVE after it has been "issued" / patched.

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/b13a9ee0-a0bc-4548-93c0-a9c0a305ea9a/

[Screenshot 2022-03-16 at 10:34:16]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/880d1171-3f82-490f-9a69-90324832dcbc/

[Screenshot 2022-03-16 at 10:38:15]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b/

[Screenshot 2022-03-18 at 14:16:07]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902/

[Screenshot 2022-03-20 at 06:52:37]

JamieSlome commented 2 years ago

Reference:

https://www.huntr.dev/bounties/b0c4f992-4ac8-4479-82f4-367ed1a2a826/

[Screenshot 2022-03-21 at 11:13:01]