by
intortus
4520 days ago
Shame on github for making these mistakes in the first place, but kudos to them for doing such a great job of engaging the white hats.
homakov
4520 days ago
It's hard to shame github for those bugs. All of them are low-sev separately, only together they make sense.
shill
4520 days ago
Nice work Egor. I hope to see a GitHub client testimonial on sakurity.com sometime soon.
akerl_
4520 days ago
If we're shaming any code with security flaws, no one is free of shame. I'm excited by the bounty program, it's a great way to get things like this identified and responsibly disclosed.
intortus
4520 days ago
I agree that flaws will always exist, but I don't understand why it's ever worth it to not be absolutely strict about matching redirect_uri in OAuth.
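The comment above argues for exact matching of `redirect_uri`. As an added example (not code from this thread or from GitHub), the block below puts a strict, byte-for-byte validator next to the lax prefix check it argues against, following RFC 6749's rule that registered and requested URIs are compared by simple string comparison and that a mismatch must never be redirected to. The client registry and all URIs are constructed for the example.

```python
"""Strict vs. lax redirect_uri validation for an OAuth 2.0 authorization
endpoint (example code, constructed for illustration)."""

# Constructed registry: client_id -> list of fully registered redirect URIs.
REGISTERED = {
    "client-abc": ["https://app.example.com/oauth/callback"],
}


def lax_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Lax check: accept any URI that merely begins with a registered one.

    This is the kind of non-strict matching the comment argues against:
    anything appended after the registered value (extra path segments,
    query parameters) still passes.
    """
    return any(redirect_uri.startswith(r) for r in REGISTERED.get(client_id, []))


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Strict check: exact string comparison against a registered URI.

    RFC 6749 section 3.1.2 forbids a fragment in a redirect URI, and
    section 3.1.2.3 requires simple string comparison of the full URI,
    so nothing is normalized or prefix-matched here.
    """
    if not redirect_uri or "#" in redirect_uri:
        return False
    return redirect_uri in REGISTERED.get(client_id, [])


def authorize(client_id: str, redirect_uri: str, strict: bool = True) -> tuple:
    """Decide how the authorization endpoint responds to a redirect_uri.

    Returns ("redirect", uri) when the URI is accepted, or
    ("error", message) when it is not. Per RFC 6749 section 4.1.2.1 the
    server must NOT redirect the user-agent to an unvalidated URI, so an
    error is shown in place rather than bounced to the supplied value.
    """
    check = strict_redirect_ok if strict else lax_redirect_ok
    if not check(client_id, redirect_uri):
        return ("error", "invalid redirect_uri; not redirecting")
    return ("redirect", redirect_uri)


if __name__ == "__main__":
    # Constructed requests: the registered value, and two near-misses that a
    # prefix check waves through but an exact match rejects.
    for uri in (
        "https://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback/extra",
        "https://app.example.com/oauth/callback?next=1",
    ):
        print(f"{uri}\n  lax:    {authorize('client-abc', uri, strict=False)}"
              f"\n  strict: {authorize('client-abc', uri)}")
```

Running the script shows the registered URI passing both checks, while the two near-miss URIs pass only the lax check; the strict path returns an in-place error and never issues a redirect to the unregistered value.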
patcon
4520 days ago
Sorry, but this is a terrible approach to thinking about progressive and open security practices...