Vulnerability reporting procedure #1729
Comments
I agree something should be done about this. Apparently GitHub now has a feature to contact project maintainers securely/directly in case of a vuln? Idk much about it tho...
I wasn't aware of that. But it looks like a great option! Link to the docs for posterity;
It appears pretty easy to set up. But it would need to be done by someone with admin privileges.
Well, @hathach seems to be taking a break for now, but I imagine he'll be back soon. Thanks for the link, since I completely forgot other than hearing about the new feature thirdhand :D!
Yeah, I've emailed @hathach directly with details of the vulnerability that I found. Got a reply mentioning that he was keen to take a look, but is currently away from his computer. I don't think there is any need to rush into getting it fixed :). Though it would be nice to get a fix together in the next couple of weeks.
Just got back to my PC, will check this out this week or so. Thank you for the issue/PR.
This should be fixed by #1789. Thank you @silvergasp very much for bringing this up and also making the effort to add a fuzzer as well as a PR to integrate tinyusb into Google fuzzing.
Related area
Security/vulnerability reporting
Hardware specification
N/A
Is your feature request related to a problem?
I think I've found a security vulnerability, but I don't want to publicly describe the problem on a GitHub issue until the problem is fixed. Having a security problem published publicly would open people up to attack.
Describe the solution you'd like
I'd like some procedures to be in place to;
NOTE: There are some templates on the links above which offer a good starting point.
I have checked existing issues, discussion and documentation