Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities. “Half-day” vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there’s still no official fix. “0.75-day” vulnerabilities have an official fix, but not a …

The post Open-source vulnerability disclosure: Exploitable weak spots appeared first on Help Net Security.