-
*Description*:
Projects like Envoy proxy have a robust processe for vulnerability management, outlined [here](https://github.com/envoyproxy/envoy/blob/main/SECURITY.md). OSS control planes like Istio…
-
This is a vulnerability report for `termux-app`, `termux-tasker` and `termux-widget` being released on `2022-02-15`. Users are advised to immediately update to [`Termux` `v0.118.0`](https://github.com…
-
This template is designed to be the minimum viable Vulnerability Disclosure Policy for an OpenJS Project. It meets the following criteria:
- Complies with ISO 29147 (Coordinated Vulnerability Discl…
-
The purpose of this guide section is to help maintainers generate and maintain VDP Policies using the provided templates below. This includes a section-by-section explanation of the current contents o…
-
Hi
Synopsis
The remote mail server is affected by an information disclosure vulnerability.
Description
The Microsoft Exchange Client Access Server (CAS) is affected by an information disclo…
-
Last week, DHS Cybersecurity & Infrastrucutre Security Agency (CISA) released a draft directive, [BOD 20-01](https://cyber.dhs.gov/bod/20-01/), which will require executive branch agencies to publish …
-
While the documentation is clear, the field name 'release_date' is confusing. Could it be changed to 'public_date' or 'date_public'?
I'd suggest a minor documentation update also: "...the date and …
-
-
Hi
I found a security vulnerability in the XMALL application.
Where should I disclose it?
Thanks,
Ori.
oricx updated
2 years ago
-
> As an alternative, we could register a [`security.txt`](https://securitytxt.org/) field.
>
> The list of `security.txt` fields is also [a registry maintained by IANA](https://www.iana.org/assignmen…