Jamie Slome
Hello 👋 I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@arshadkazmi42) has found a potential issue, which I would be eager to share with...
Maintainers continually request CVEs only once the report has been resolved (i.e. fixed). We could provide a self-serve mechanism which allows a maintainer to assign a CVE to the report....
Some maintainers have been confused about whether or not they are logged in when viewing reports with a magic URL. We could possibly add a hint (`not logged in`) in...
In this [report](https://huntr.dev/bounties/6e855178-1484-4188-9bba-72c96a7cef37/), the maintainers adjusted the severity down but then reverted it back up to the initial severity proposed by the researcher. In this case, it is unfair for...
Currently, we send an e-mail per new report to maintainers. To prevent maintainers from being overwhelmed with 7-8 e-mails, we could compress all reports into a single notification e-mail using...
### Description
We notify maintainers of reports 24 hours after a report has been submitted. The logic was that this allows researchers to adjust their reports before pinging the maintainers....
Ref: https://www.huntr.dev/bounties/a8fc10be-eb11-402f-98a3-b0201956b4b5/
Currently, maintainers of repositories are prevented from approving reports that they have submitted. This acts as a protection against abuse and the self-rewarding of bounties. We should allow maintainers to approve reports...