geo-chen/README.md


OSS Responsible Disclosure Process

For vulnerabilities in open source software, I generally follow this process:

  1. Report the issue through the project's documented security channel (e.g. /security, SECURITY.md, email, GHSA, private portal, VDP, or VRP).
  2. If no private reporting channel exists, or if there is no response within 30 days of an email or GHSA submission, I may open a public issue without a PoC.
  3. If the report is acknowledged through a private reporting channel, I will send up to two follow-up messages over the following weeks to check on remediation progress.
  4. Where maintainers request an extension, I target a disclosure timeline of up to 90 days for remediation and coordinated disclosure.
  5. If communication lapses for more than 30 days after the last substantive response, or once the vulnerability has been fixed, I may disclose the issue through a CNA, where appropriate.
