-
**Summary**
I was wondering if an issue of mine was security-related and tried "Report a security vulnerability" when filing an issue since it provided a "view policy" button (thinking "this policy m…
-
Comment No. | Location | Comment (and type*) or Recommended Edit | Rationale
-- | -- | -- | --
1 | Pg. 1, §1 | Critical: A Binding Operational Directive (BOD) is an ill-suited vehicle to mandate …
-
According to the [Vulnerability Disclosure Policies (Draft) (20-01)](https://cyber.dhs.gov/bod/20-01/) the policy must include "A commitment to not recommend or pursue legal action against anyone for …
-
* Recommend DHS provide additional guidance on security.txt fields. For example, DHS could provide some more information about which fields it thinks we should have and which ones are optional.
* B…
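As an added illustration (not part of the commenter's submission or of any DHS guidance), this is a security.txt laid out the way the format was later standardized in RFC 9116: `Contact` and `Expires` are the two required fields, everything else is optional. The domain, addresses, key URL and dates below are placeholders chosen for the example.

```text
# Required: at least one way to reach the security team (mailto:, tel:, or https:)
Contact: mailto:security@agency.example.gov
Contact: https://agency.example.gov/security/report

# Required: after this timestamp the file should be treated as stale
Expires: 2026-01-01T00:00:00.000Z

# Optional fields
Encryption: https://agency.example.gov/.well-known/pgp-key.txt
Acknowledgments: https://agency.example.gov/security/thanks
Preferred-Languages: en
Canonical: https://agency.example.gov/.well-known/security.txt
Policy: https://agency.example.gov/security/vulnerability-disclosure-policy
```

The file is served at `/.well-known/security.txt` over HTTPS; an `Expires` more than about a year out is discouraged, and a `Canonical` line plus a detached PGP signature let a reporter check that the copy they fetched is the one the agency intended to publish.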
-
Hello, I am threedr3am. I found a nacos interface. When nacos is deployed in the default configuration, it can be a…
-
- The BOD should be clarified to either explicitly include or exclude government legacy sites/services/applications hosted on .ORG, .COM, and .NET domains, and the sources from which any inventory of …
-
|Developing branch|
|---------|
|[vuln-windows](https://github.com/wazuh/wazuh/tree/vuln-windows) |
The idea is to make use of the National Vulnerability Database to look for vulnerabilities in…
-
@jroper says to add the following to XMLLoader.parser:
See http://blog.csnc.ch/2012/08/secure-xml-parser-configuration/
```
try {
f.setFeature("http://xml.org/sax/features/external-general-entiti…
```
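The hardened SAX configuration the comment points at, written out as an added Java example (this is not the project's own code and not jroper's snippet): it turns off DOCTYPE declarations and external entities on a `SAXParserFactory`, then parses a constructed XXE payload and a benign document to show which one is rejected. It assumes the JDK's built-in Xerces-derived parser, which honours the `apache.org` feature URIs; the class and method names `HardenedSaxExample`, `hardenedFactory` and `parseUntrusted` are mine.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedSaxExample {

    /** Builds a SAXParserFactory with the XXE-relevant features switched off. */
    static SAXParserFactory hardenedFactory() throws ParserConfigurationException, SAXException {
        SAXParserFactory f = SAXParserFactory.newInstance();
        // Reject any <!DOCTYPE ...> outright. On Xerces-based parsers this alone defeats
        // classic XXE and entity-expansion ("billion laughs") payloads.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for configurations that must tolerate a DOCTYPE: no external entities.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Never fetch an external DTD, even when one is referenced.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        // JAXP secure processing: enforces entity-expansion and size limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setNamespaceAware(true);
        return f;
    }

    /** Parses untrusted XML with the hardened factory; true if accepted, false if rejected. */
    static boolean parseUntrusted(String xml) throws Exception {
        SAXParser parser = hardenedFactory().newSAXParser();
        try {
            parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return true;
        } catch (SAXParseException e) {
            // disallow-doctype-decl surfaces as a SAXParseException when a DOCTYPE is encountered.
            System.err.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed XXE payload for illustration: on a permissive parser the entity
        // would be resolved by reading /etc/passwd.
        String xxe = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
                + "<foo>&xxe;</foo>";
        String benign = "<?xml version=\"1.0\"?><foo>hello</foo>";

        System.out.println("xxe payload accepted?    " + parseUntrusted(xxe));
        System.out.println("benign document accepted? " + parseUntrusted(benign));
    }
}
```

Setting the features on the factory rather than on each `XMLReader` means every parser it hands out is hardened, which is the point of patching `XMLLoader.parser` centrally. If an application genuinely needs DTDs, drop only the `disallow-doctype-decl` line and rely on the two `external-*-entities` features plus `load-external-dtd=false`; on a parser that is not Xerces-derived, check that each feature URI is actually supported, since an unsupported URI throws `SAXNotRecognizedException` instead of silently doing nothing.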
-
Hey All,
Can someone explain to me when/why the SSRF changes were made? High-impact SSRF to pull internal data is only a P2?
![image](https://user-images.githubusercontent.com/3488554/89367805-37a22380…
-
Re https://github.com/jwzimmer/aboutvsof/issues/1#issuecomment-758165911, there may be a pretty simple way to tell conspiracy theory speech (I am not sure what to even call this... I mean "nonsense"?)…