Friday, July 19, 2024

GitHub creates private vulnerability reports for public repositories

GitHub recently announced a private vulnerability reporting feature for security researchers and developers.

GitHub now allows developers to discreetly warn their peers of discovered vulnerabilities. According to the company, doing so will avoid the “name and shame” game and stop any unwanted misuses brought on by public revelation.

GitHub stated in a blog post earlier this week that, given how the platform was set up, there was sometimes no alternative but to publicly expose a vulnerability, which risks alerting prospective threat actors before malware removal tools can be implemented. For researchers, who are frequently saddled with decisions that can result in further security issues, being able to report code vulnerabilities in confidence is crucial.

According to the blog, security researchers frequently feel accountable for warning users about a vulnerability that could be exploited. “If there are no clear instructions about contacting maintainers of the repository containing the vulnerability, it can potentially lead to public disclosure of the vulnerability details.”

GitHub has now added private vulnerability reporting, which is essentially a simple reporting form, to address the problem. A security researcher or developer can use the new private reporting feature to submit a vulnerability report to a public repository. The receiving maintainers can either accept it, signalling to the researcher a willingness to collaborate on a fix, or reject it, ask further questions, and/or signal other options.

Code maintainers or developers can activate private reporting by visiting the main page of their repository, clicking Settings, and then selecting “Code security and analysis” under “Security.” They can enable or disable the option by clicking the arrow to the right of “Private vulnerability reporting.”


Since reports are handled in a single location, the Microsoft-owned platform also anticipates that the new reporting flow will simplify triage and troubleshooting. Moreover, it offers code maintainers the chance to privately discuss vulnerability details with security researchers and developers before working together on a solution using patch management software.

The initiative was one of several announcements made by GitHub during the GitHub Universe 2022 developer event this month.


Preetipadma K
Preeti is an Artificial Intelligence aficionado and a geek at heart. When she is not busy reading about the latest tech stories, she will be binge-watching Netflix or F1 races!
