I gotta say, the Mastodon security disclosure for tomorrow's vuln puts most vendors to shame - and Mastodon are a non-profit doing open source code.
They just emailed me to let me know (I've never contacted them before, they've used the contact address on my Mastodon server) the details, including how it was found, how serious and when time wise the patch will be released during the day tomorrow.
I pay Microsoft 9 figures in licensing at job and they sometimes don't even issue a CVE.
Kevin Beaumont /
npub176…fkwlw
2023-07-05 18:42:12
Author Public Key
npub176rs4lx7gjqwepgg75psfpv7zjj3xz0lyj4n7rux93ftm390sars6fkwlwPublished at
2023-07-05 18:42:12Event JSON
{
"id": "71791572103174c7aca9577d7529e40ef3c3ca4c46e338a017b189966c8173d4",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1688582532,
"kind": 1,
"tags": [
[
"mostr",
"https://cyberplace.social/users/GossiTheDog/statuses/110662944882209456"
]
],
"content": "I gotta say, the Mastodon security disclosure for tomorrow's vuln puts most vendors to shame - and Mastodon are a non-profit doing open source code.\n\nThey just emailed me to let me know (I've never contacted them before, they've used the contact address on my Mastodon server) the details, including how it was found, how serious and when time wise the patch will be released during the day tomorrow.\n\nI pay Microsoft 9 figures in licensing at job and they sometimes don't even issue a CVE.",
"sig": "b9a3f48d84b48f77da946b689b61584e754a9cb16c134421670093f9a9d9b05eea3806cb77ae23de30b17e51d333d5851dce2c863504d40fb646b23b88b26bf8"
}