Stale reports get published

Open psmoros opened this issue 4 years ago • 2 comments

Pitch

Currently researchers complain that many of their reports never get seen. To address this issue we're thinking of publishing pending and unfixed reports after a set amount of time and after giving the maintainer a fair warning on a public channel.

Clarification: As long as disclosures / fixes don't get validated by the maintainer, they won't get paid nor receive a CVE. This initiative only affects visibility and nothing else.

Nov 12 '21 10:11 psmoros

Nice idea! 👍

Nov 12 '21 10:11 JamieSlome

@adam-nygate @psmoros - could we arrange a time to spec. this out together? Perhaps an hour later this afternoon?

Nov 30 '21 10:11 JamieSlome