"Security" category
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
-
Just a thought as I work through some bugs reported to NodeBB... would there be interest in ActivityPub.space hosting a "security" category for discussion around vulnerabilities, CVEs, and such that are related to ActivityPub?
For example, if NodeBB were to receive a bug bounty report and responsibly disclose the details, it would be ideal to have it archived in a place where it won't just disappear off the feed in a matter of minutes.
@julian @smallcircles that'd probably be a bad idea, as you'd likely get irresponsible disclosure happening.
-
@julian It would be great to have a collection of these that I could look through, to make sure I'm not making easily preventable mistakes myself.
Of course, potential bad guys would be able to look through it too...
-
@julian @smallcircles that'd probably be a bad idea, as you'd likely get irresponsible disclosure happening.
thisismissem@hachyderm.io how so? In the sense that discussed vulnerabilities might be exploitable cross-implementation?
-
@julian we've definitely seen that before, but also people might not realize that they're discussing a vulnerability
-
@julian we've definitely seen that before, but also people might not realize that they're discussing a vulnerability
thisismissem@hachyderm.io hmm that's fair. I don't think it precludes interested parties from having these discussions though.
I'm not sure what the right solution is.
-
@julian probably a private forum for implementers
