
Topic: standard procedure to handle security vulnerabilities?

As we recently added version information to bitcoin-qt.exe, I requested Secunia to add Bitcoin-Qt to their Secunia PSI database, and today Bitcoin-Qt is found and listed after a scan :)
Secunia PSI (https://secunia.com/vulnerability_scanning/personal/) is a tool for Windows that checks installed programs, warns if it finds versions that contain a known security vulnerability, and offers auto-updates or at least a link with valuable information on what a user can do to fix it.

IMHO it would be nice if we reported our CVEs (https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures) or at least known security problems to them, so they can add such information to their database.

https://secunia.com/community/advisories/report_vulnerability/

The headline of this thread is "standard procedure to handle security vulnerabilities?" and I'm asking whether there is one and whether others agree that it is valuable to report security problems (or is this already being done?).

Dia