Responsible disclosures and Bitcoin development



Summary:

A developer has raised concerns about how vulnerabilities in Bitcoin Core are reported. The issue in question was recently made public on GitHub rather than being reported privately to the security team at bitcoincore.org. The developer's point is that while private, coordinated reporting is necessary for critical issues, it does not scale and can cause problems for less severe ones, and that documentation and guidance on what should go through the vulnerability reporting process and what should not could be improved. They also suggest that developers reflect on their own approach to security regardless of whether the work receives CVE recognition. A CVE ID has been assigned to the issue in question, CVE-2023-33297; it is unclear whether the developer requested it personally or confirmed it with someone listed in the vulnerability reporting process. The developer reminds other developers to weigh the impact a vulnerability would have if exploited, since it could affect many things.


Updated on: 2023-06-16T18:26:59.550016+00:00