search

tnelson / Forge

Forge: A Tool and Language for Teaching Formal Methods
https://forge-fm.org/
MIT License
67 stars 8 forks source link

Reporting a vulnerability #206

Open igibek opened 1 year ago

igibek commented 1 year ago

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

tnelson commented 1 year ago

Private vulnerability reporting has now been enabled. I'm happy to also discuss this offline via my contact email. Thanks!

tnelson commented 7 months ago

In spite of enabling reporting, we never received a vulnerability. @igibek Please let us know if there was an issue here; otherwise I will close the issue. Thank you.