We put out a call to open source developers and security researchers to talk about the security vulnerability disclosure process. Here’s what we found.
Tag: GitHub Security Lab
polkit is a system service installed by default on many Linux distributions. It’s used by systemd, so any Linux distribution that uses systemd also uses polkit. As a member of GitHub Security Lab, my job is to help improve the security of open source software by finding and reporting vulnerabilities. A few weeks ago, I found a privilege escalation vulnerability in polkit.
When it comes to security research, the path from bug to vulnerability to exploit can be a long one. Security researchers often end their research journey at the “Proof of Concept” (PoC) stage. A PoC