NLnet Labs (@nlnetlabs@social.nlnetlabs.nl) · 2 days ago

RE: https://fosstodon.org/@iscdotorg/116416426577631380

In case you’re wondering: while not as extreme as illustrated by ISC (we don’t offer a bug bounty program), NLnet Labs suffers from a similar situation, in particular for Unbound.

Handling vulnerability reports, both valid ones and false positives, has now become a full time job for the entire Unbound team.

While you can argue that it ultimately makes our resolver more secure, it also means we cannot work on building and releasing new features, like:

https://github.com/NLnetLabs/unbound/pulls/wcawijngaards

#DNS #OpenSource #AI

elle (@elle@weathered-steel.social) replied · 23 hours ago

@nlnetlabs wondering how much a policy requiring all vuln reports to come with a reproducer (in form of a unit/integration test), along with a proposed fix (validated against the reproducer).

I think this would significantly raise the bar, and lead to better outcomes for all reporters, LLM or human.
