Ben

icon indicating a website link hackerone.com/bencode

icon company HackerOne icon location San Francisco icon location Security & Technical Lead at HackerOne hackerone.com/bencode

Results 17 comments of Ben
trafficstars

Fetch from a local git repo

The current use case was specifically for referencing a public github interface to reference, so this is not possible today. That being said, I'd be open to including this, but...

Will the WG support both CPE (v2.3) as well as SWID Tags

> Can you confirm that the plan is to drop PURL in favour of CPE 2.3? I may be mistaken, but don't remember us taking the stance on using CPE...

Will the WG support both CPE (v2.3) as well as SWID Tags

Oh nice thanks for point that out @pombredanne - looks like @sbs2001 is trying to solve exactly the same problems!

MVP Vuln Disclosure Proposal - HackerOne, Github & NodeJS Ecosystem WG

> I wonder if we can't rely on package maintainers don't create advisories, if there's a way to authorize a third-party to create it for them. One solution that came...

MVP Vuln Disclosure Proposal - HackerOne, Github & NodeJS Ecosystem WG

Agree with @Foxboron and others here, the intent here wouldn't be to replace the CVE assignment process-that has value, and in parallel we should apply for a CVE to ensure...

MVP Vuln Disclosure Proposal - HackerOne, Github & NodeJS Ecosystem WG

I think the conversation derailed quite a bit from my initial intent. There are so many problem areas along the open source security lifecycle and this was specifically looking at...

How do we define impacted methods?

One source of inspiration could be [source maps](https://sourcemaps.info/spec.html). ## How does it work? Typically in my experience most used to find make a mapping between code in a development environment...