Security News > 2023 > April > GitHub introduces private vulnerability reporting for open source repositories

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners.

The private vulnerability reporting feature provides a direct collaboration channel that allows researchers to more easily report vulnerabilities, and maintainers to easily fix them.

Maintainers for more than 30k organizations have enabled private vulnerability reporting on more than 180k repositories, receiving more than 1,000 submissions from security researchers," GitHub's Kate Catlin and Eric Tooley shared.

Simplifying vulnerability reporting and remediation.

Private vulnerability reporting is convenient to both security researchers and project maintainers: it allows them to exchange all the necessary information and avoid complicated back-and-forth emailing.

Security researchers can also use the new repository security advisories API to open a private vulnerability report on multiple repositories, and project maintainers can channel these reports from GitHub to the third-party vulnerability management systems they use.

News URL

https://www.helpnetsecurity.com/2023/04/27/github-vulnerability-reporting/