Michael Scovetta
We have a (still) PoC tool called [disclosure-check](/ossf/disclosure-check), intended to help finders locate the best way to privately contact a maintainer.  It looks through SECURITY.md, Security Insights, package metadata,...
We'd like to change the name of our working group to better reflect what we do. Please suggest options and vote for the ones you'd like. We'll stop voting on...
Some sources: - Dependency Confusion - https://daniel.haxx.se/blog/2021/03/30/howto-backdoor-curl/
Based on 7/21/2021 WG meeting, we should consider advocating for a structured security.md file. Not necessarily Markdown, but something that can be introspected and validated.
Logging was set to go to stdout, same as output, which breaks json output. This change has the logging go to stderr instead. This should fix #186.
**Describe the bug** Our SECURITY.md doesn't reference 2.3, which is the current release. We should make sure the versions we support are listed here.
- Azure Data Studio Version: N/A - OS Version: N/A Steps to Reproduce: 1. Start out at 2. Click "Download Azure Data Studio for macOS", linked to . Does this...
This PR adds a null check to contrib/minizip, in case ALLOC (malloc) fails (i.e. returns NULL). This would prevent a segfault later when copying bytes to pTmp.