-
I have noticed that the elliptic library v. 6.5.7 may generate incorrect ECDSA signatures and also verify incorrect ECDSA signatures.
An example for an invalid signature that is verified as true is t…
-
**Describe the bug**
When using multiple hostnames for the vulnerability report the report is empty when one of these hostnames doesn't have an A or AAAA record.
**To Reproduce**
Steps to reprodu…
-
Dustin Childs published a blog post UNCOORDINATED VULNERABILITY DISCLOSURE: THE CONTINUING ISSUES WITH CVD on
July 15, 2024. Is there anything in https://www.zerodayinitiative.com/blog/2024/7/15/unco…
-
Hi,
as an avid but paranoid self-hoster, I am considering hosting headscale on a cheap VPS in order to establish VPN connections between my devices. The distrust of the closed-source Tailscale coord…
-
(from https://github.com/CVEProject/strategic-planning-working-group/issues/4)
Consider adding rules about how to handle automated vulnerability discovery (determination in the current CNA Operation…
-
As per https://github.com/ossf/SIRT/pull/5#issuecomment-1256341717
The SIRT's goals are indeed to help with incidents and vulnerability coordinations, but the documentation and training of it shoul…
-
**Is your feature request related to a problem? Please describe.**
No
**Describe the solution you'd like**
We should highlight some of the supply-chain CVD processes and concerned areas.
**D…
-
(personal notes; will be expanded upon later.)
In the event someone writes a daemon or a tool to scan (continuously) NixOS closures for security vulnerabilities, it would be interesting to coordi…
-
Unfortunately the only way to sign a key for a domain with keys.pub currently is via uploading a file to a server. This does not verify a domain, this simply verifies that a domain is linked to a serv…
-
### I have searched through the issues and didn't find my problem.
- [X] Confirm
### What would you like to share?
We should add a security policy to properly report vulnerabilities in case there a…