GitHub now allows enabling private vulnerability reporting at scale
2023-04-22 16:18

GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging to an organization.

Since its introduction as an opt-in feature at the GitHub Universe 2022 developer event in November 2022, "Maintainers for more than 30k organizations have enabled private vulnerability reporting on more than 180k repositories, receiving more than 1,000 submissions from security researchers."

GitHub has also added integration and automation support via a new repository security advisories API that enables dispatching private reports to third-party vulnerability management systems and submitting the same report to multiple repos sharing a security flaw.

Owners and administrators of public repositories should enable private vulnerability reporting so that they receive bug reports on the same platform where they get resolved, can discuss the details privately with researchers, and can collaborate securely with them on a patch.

Security researchers can submit private security reports directly on GitHub from the repository's Security tab by clicking the 'Report a vulnerability' button, found in the left sidebar under Reporting > Advisories.

Private bug reports can also be submitted via the GitHub REST API, using the parameters described in GitHub's REST API documentation for repository security advisories.
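The two API uses the article mentions, submitting one report to several repositories that share a flaw and pulling privately submitted reports so they can be handed to an external tracker, as an added example (this is not GitHub's or the article's own code). It assumes the REST endpoints `POST /repos/{owner}/{repo}/security-advisories/reports` and `GET /repos/{owner}/{repo}/security-advisories?state=triage`, a token in the `GITHUB_TOKEN` environment variable, and the hypothetical repositories `example-org/lib-a` and `example-org/lib-b`; the `DryRunOpener` class and its canned response are constructed here so the script runs offline.

```python
"""Added example: one private vulnerability report sent to several repos, plus
a fetch of reports awaiting triage. Endpoints, repo names and the dry-run
response are assumptions, not taken from the article."""
import json
import os
import urllib.error
import urllib.request

API = "https://api.github.com"
API_VERSION = "2022-11-28"  # assumed GitHub API version header value


def build_report(summary, description, ecosystem, package, vulnerable_range,
                 patched_versions=None, cwe_ids=None, severity=None):
    """Build the JSON body for the private-report endpoint. summary, description
    and vulnerabilities are required; the other fields are added only if given."""
    vulnerability = {
        "package": {"ecosystem": ecosystem, "name": package},
        "vulnerable_version_range": vulnerable_range,
    }
    if patched_versions:
        vulnerability["patched_versions"] = patched_versions
    body = {"summary": summary, "description": description,
            "vulnerabilities": [vulnerability]}
    if cwe_ids:
        body["cwe_ids"] = list(cwe_ids)
    if severity:
        body["severity"] = severity  # critical, high, medium or low
    return body


def _request(method, path, token, body=None):
    """Build an authenticated urllib Request for the GitHub REST API."""
    data = None if body is None else json.dumps(body).encode("utf-8")
    headers = {"Accept": "application/vnd.github+json",
               "Authorization": f"Bearer {token}",
               "X-GitHub-Api-Version": API_VERSION}
    if data is not None:
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(API + path, data=data, headers=headers, method=method)


def call(req, opener=urllib.request.urlopen):
    """Send a request and return (status, parsed JSON). HTTP errors are returned
    rather than raised so one repo rejecting the report (for example because
    private reporting is not enabled there) does not abort the whole batch."""
    try:
        with opener(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        try:
            detail = json.load(err)
        except ValueError:
            detail = {"message": str(err)}
        return err.code, detail


def submit_to_many(targets, body, token, opener=urllib.request.urlopen):
    """Send the same report body to every (owner, repo) pair in targets."""
    results = {}
    for owner, repo in targets:
        req = _request("POST", f"/repos/{owner}/{repo}/security-advisories/reports",
                       token, body)
        results[f"{owner}/{repo}"] = call(req, opener)
    return results


def list_triage_reports(owner, repo, token, opener=urllib.request.urlopen):
    """Fetch reports in the 'triage' state: submitted privately and not yet
    accepted as drafts. These are what you forward to an external tracker."""
    req = _request("GET", f"/repos/{owner}/{repo}/security-advisories?state=triage", token)
    return call(req, opener)


class _FakeResponse:
    """Minimal file-like response so json.load() and 'with' work offline."""
    def __init__(self, status, payload):
        self.status = status
        self._body = json.dumps(payload).encode("utf-8")

    def read(self):
        return self._body

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


class DryRunOpener:
    """Stand-in for urllib.request.urlopen: records each request and answers
    with a constructed 201 response carrying a placeholder GHSA id."""
    def __init__(self):
        self.sent = []  # (method, url, body bytes or None)

    def __call__(self, req):
        self.sent.append((req.get_method(), req.full_url, req.data))
        return _FakeResponse(201, {"ghsa_id": "GHSA-0000-0000-0000", "state": "triage"})


if __name__ == "__main__":
    report = build_report("Prototype pollution in config merge",
                          "Untrusted keys reach the merge helper.", "npm",
                          "example-config", "< 2.4.1", patched_versions="2.4.1",
                          cwe_ids=["CWE-1321"], severity="high")
    token = os.environ.get("GITHUB_TOKEN", "dry-run")
    opener = DryRunOpener()  # swap for urllib.request.urlopen to submit for real
    for name, (status, data) in submit_to_many(
            [("example-org", "lib-a"), ("example-org", "lib-b")], report, token, opener).items():
        print(name, status, data.get("ghsa_id") or data.get("message"))
```

Run it as-is to see the dry-run output; set `GITHUB_TOKEN` to a token with security-advisory write access and pass `urllib.request.urlopen` as the opener to submit for real. Keeping the opener injectable is what lets the payload and URL construction be checked without touching the live API.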


News URL

https://www.bleepingcomputer.com/news/security/github-now-allows-enabling-private-vulnerability-reporting-at-scale/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90