Responsible disclosures and Bitcoin development



Summary:

A vulnerability was discovered in the Bitcoin Core repository and reported as a public GitHub issue. The issue was initially assumed to affect only debug builds of bitcoind, but some users reported similar problems without a debug build. A user named alicexbt asked the developers to report such findings privately as vulnerabilities rather than opening a public GitHub issue, even when the problem appeared to work only in debug mode. Although bitnodes.io showed no decline in the number of listening nodes, reporting vulnerabilities privately remains important as a matter of good practice and to reduce the window in which an issue could be exploited.

Private reporting means that communication and resolution run through a small group of individuals rather than through open collaboration among any contributors to the repository. The most obvious past example where this was needed is the 2018 inflation bug. However, it does not scale for every bug report and investigation to go through such a narrow funnel. For an issue that is not going to result in the loss of on-chain funds and does not appear to present a systemic problem, opening a public issue was appropriate in this case, especially as the issue was initially believed to affect only nodes running in debug mode. Michael Folkson, another user, argued that not everything should go through the funnel, while acknowledging that there are clearly cases where the private process is critically needed.


Updated on: 2023-06-16T18:27:12.652610+00:00