Many open-source projects lack a clear way to report security problems
The following excerpt is from “GitHub Releases New Tools to Report Vulnerabilities,” an article by Rina Diane Caballar published on June 21, 2019 in IEEE Spectrum, the magazine and website of the Institute of Electrical and Electronics Engineers.
The article reports recent research conducted by Mei Nagappan, an assistant professor in the Cheriton School of Computer Science, and his colleagues on the lack of security vulnerability reporting processes in open-source software projects.