GitHub recently announced that private vulnerability reporting is now generally available and can be enabled at scale. This functionality gives security researchers a way to disclose security issues privately to a project’s maintainers, without the risk of accidentally leaking vulnerability details. The feature was first introduced in November 2022, but until now it could only be activated one repository at a time. Owners of public repositories on GitHub are recommended to enable private vulnerability reporting, as this ensures that security researchers have a private channel for reaching them.

This segment was created for the It’s 5:05 podcast