DEV Community

zast ai

Vulnerability Disclosure Challenges in Open Source Projects

Can we trust our npm dependencies?

Ever wonder about the challenges of responsibly disclosing security vulnerabilities in popular open-source projects? Let’s look at the rollercoaster story of a vulnerability in Node Formidable (10M+ weekly downloads).👇

https://blog.zast.ai/security/open%20source/vulnerability%20disclosure/Vulnerability-Disclosure-Challenges-in-Open-Source-Projects/

What’s your biggest supply chain security challenge? Comment below! 🧵