Dev rejects CVE severity, makes his GitHub repo read-only

June 30, 2024 at 10:43AM The ‘ip’ open-source project’s GitHub repository was archived by its developer, Fedor Indutny, due to dubious or bogus CVE reports being filed against it. The ‘node-ip’ GitHub repository was also made read-only, limiting interactions. Indutny disputed the severity of the CVE and raised concerns about the influx of unverified vulnerability …

XZ Utils Backdoor Implanted in Carefully Executed, Multiyear Supply Chain Attack

April 1, 2024 at 05:36PM A Microsoft developer’s timely detection of the malware prevented a potentially more severe outcome.