Nightwatch Cybersecurity Research

icon indicating a website link https://wwws.nightwatchcybersecurity.com

Results 37 comments of Nightwatch Cybersecurity Research

Specify allowed encryption schemes

I would suggest some options for moving forward: 1. For the "Encryption" key, if a URI is registered for Age keys, then it can probably be used in this field....

Specify allowed encryption schemes

If a detached signature is ok, then registering a new field in the registry is probably the best way to do it. There is a remaining question whether it should...

SSH signatures as an alternative to OpenPGP ones

Another alternative is to define a new field that references a detached SSH signature, something like: "SSH-Signed: security.txt.sshsig"

Add a link to the human and machine readable security advisories

CSAF field has been added to the registry

Doesn't work in mirrorred repositories

Running v1.2.0 on MacOS 12.4

Doesn't work in mirrorred repositories

It's still a problem, just tried with detect-secrets v1.5.0 on MacOS 14.4.1: The mirrored repository finds nothing: ``` git clone --mirror https://github.com/Yelp/detect-secrets.git cd detect-secrets.git/ detect-secrets scan ``` Regular one finds...

Bug with SHA256 checksums

I added a pull request with a fix