Tuesday, December 31, 2019
Hospitals and Schools Are Being Bombed in Syria. A U.N. Inquiry Is Limited. We Took a Deeper Look.
By MALACHY BROWNE, CHRISTIAAN TRIEBERT, EVAN HILL, WHITNEY HURST, GABRIEL GIANORDOLI AND DMITRIY KHAVIN from NYT World https://ift.tt/39t4ojT
via IFTTT
New top story on Hacker News: Ask HN: How do you responsibly report security bugs to open-source projects?
16 by WinonaRyder | 6 comments on Hacker News.
I found a DOS vulnerability in an Open Source project whose maintainer seems to be MIA at the moment. I found it in-the-wild, but not as an exploit so I've only made minimal effort to contact said maintainer - no surprise I haven't gotten a response so far. I don't want to draw any attention to it in a bug report and I'm not sure it's OK to dig up email addresses from commit logs either. It also got me thinking: why don't we have a Bug Bounty-like program for Open Source projects as a whole. What I mean is somewhere where we can post sensitive bugs (even for no pay) and have someone who knows what they're doing guide the process of reporting it responsibly. I know some big projects have this, but e.g. look at the mountain of dependencies that most projects are built on - many of them barely maintained.
Texas Churchgoers Welcomed the Poor, but Sensed This One Was Trouble
By DAVE MONTGOMERY, ANEMONA HARTOCOLLIS AND RICK ROJAS from NYT U.S. https://ift.tt/37mK6XF
via IFTTT
Monday, December 30, 2019
Sunday, December 29, 2019
Saturday, December 28, 2019
Fox News Breaking News Alert
New York synagogue stabbing attack results in several injuries: reports
12/28/19 7:52 PM
Friday, December 27, 2019