by freework 1017 days ago
The solution to this problem is to require the submitter to include a unit test that demonstrates the problem along with the CVE. If the unit test succeeds in DDoSing or whatever, then the CVE is published. If your unit test fails to produce the security problem, then it is ignored.
2 comments
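A sketch of the gate freework describes, added here as an illustration and not part of the thread: a small triage harness runs a submitted reproducer against a given build and accepts the report only when the reproducer actually shows the problem, with a hang counted as a denial-of-service confirmation and a reproducer that crashes on its own counted as an invalid submission. The two target functions (`vulnerable_matches`, `fixed_matches`) are constructed toys standing in for a pre-fix and post-fix build, not code from any real project, and the decision labels are my own.

```python
"""Reproducer-gated triage: a report is accepted only if its PoC test
demonstrates the flaw against the target build (constructed example)."""
import threading
import time
from typing import Callable, Tuple

# Triage outcomes (labels chosen for this example).
PUBLISH, IGNORE, INVALID = "publish", "ignore", "invalid"


def run_reproducer(reproducer: Callable, target: Callable,
                   timeout_s: float = 1.0) -> Tuple[str, str]:
    """Run `reproducer(target)` and classify the result.

    The reproducer returns True when it observed the flaw. A call that never
    returns within `timeout_s` is treated as a demonstrated hang (DoS);
    an exception inside the reproducer means the PoC itself is broken.
    """
    result = {}

    def worker():
        try:
            result["reproduced"] = bool(reproducer(target))
        except Exception as exc:  # the PoC crashed before proving anything
            result["error"] = repr(exc)

    # A daemon thread keeps the example self-contained; see the note below.
    t = threading.Thread(target=worker, daemon=True)
    start = time.monotonic()
    t.start()
    t.join(timeout_s)
    elapsed = time.monotonic() - start
    if t.is_alive():
        return PUBLISH, f"hang: no result after {timeout_s}s"
    if "error" in result:
        return INVALID, f"reproducer raised {result['error']}"
    if result["reproduced"]:
        return PUBLISH, f"reproduced in {elapsed:.3f}s"
    return IGNORE, f"not reproduced in {elapsed:.3f}s"


# --- constructed toy target: "pre-fix" build -------------------------------
def vulnerable_matches(s: str) -> bool:
    """Hand-rolled matcher for the pattern (a+)+b that retries every way of
    splitting the a's into groups, so 'aaaa...a!' costs 2^n steps."""
    def match_groups(i: int) -> bool:
        if i == len(s):
            return False
        if s[i] == "b":
            return i > 0 and i == len(s) - 1  # at least one a-group consumed
        for j in range(i + 1, len(s) + 1):      # try every length for next a+
            if s[j - 1] != "a":
                break
            if match_groups(j):
                return True
        return False
    return match_groups(0)


# --- constructed toy target: "post-fix" build ------------------------------
def fixed_matches(s: str) -> bool:
    """(a+)+b is just a+b: one linear scan, no backtracking."""
    return len(s) >= 2 and s[-1] == "b" and all(c == "a" for c in s[:-1])


# --- submitted reproducers ---------------------------------------------------
def poc_catastrophic_backtracking(matches: Callable[[str], bool]) -> bool:
    """Crafted input that should make a backtracking matcher effectively hang.
    If the call does return, the flaw is only 'reproduced' when the answer is
    wrong; a genuine hang is caught by the harness timeout instead."""
    crafted = "a" * 22 + "!"
    return matches(crafted) is not False


def poc_broken(matches: Callable[[str], bool]) -> bool:
    """A sloppy PoC that crashes on its own input and proves nothing."""
    return matches(None)  # type: ignore[arg-type]


if __name__ == "__main__":
    for name, target in (("pre-fix", vulnerable_matches), ("post-fix", fixed_matches)):
        for poc in (poc_catastrophic_backtracking, poc_broken):
            decision, detail = run_reproducer(poc, target, timeout_s=0.25)
            print(f"{name:8s} {poc.__name__:30s} -> {decision:8s} ({detail})")
```

In a real pipeline the reproducer would run in an isolated process or sandbox with the exact target version pinned, not in a thread of the triage service; the thread here only keeps the example runnable as one file, and a timed-out PoC keeps burning CPU in the background until it finishes.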

In other words, PoC || GTFO for all submissions?
Ultimately "Show me the code" is the only standard that has ever worked for Open Source.

Give me code to reproduce an issue for people who are contributing as developers.

This works only for programs that are publicly available.