I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
sethmlarson.dev/slop-security-…
New era of slop security reports for open source
I'm on the security report triage team for CPython, pip, urllib3, Requests, and a handful of other open source projects. I'm also in a trusted position such that I get "tagged in" to other open sou...
sethmlarson.dev