New vulnerability reporting platform aims to make open source safer

Vulnerabilities in open source code represent a risk for businesses, but the process of reporting them is cumbersome and that can leave software open to risk. Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process and turn to public lists or social media, where bad actors can easily find the details before fixes are created. Plus, open source projects often don't have the resources to validate that all vulnerabilities reported are real issues. Software supply chain management company Sonatype, is announcing a partnership with HackerOne, to create The Central… [Continue Reading]