GitHub has announced a slew of new security updates, including private vulnerability reporting.
The company received 1,000 reports from security researchers since late 2022 as part of the testing process.
- To use the private reporting feature, repository maintainers need to enable it in the Security section of their repository’s settings.
- Once the feature is enabled, users can send bug reports to the maintainers and contact them privately.
- GitHub claims that the feature will help users who want to tell repository managers about different security flaws without risking making information public.
- In the announcement, the company mentions the administrators who manage JSON, which has 60 million downloads, as an example where a user tracked security flaws and had a difficult time communicating with them.
- Once that user used the new private reporting feature, the reports resulted in 11 million alerts that were then addressed.