GitHub doesn't want users to name and shame security flaws any more

Low code
(Image credit: Shutterstock/SWKStock)

GitHub is allowing developers to notify their peers of discovered vulnerabilities - quietly. The company says this will avoid the “name and shame” game and prevent exploitations that might result from public disclosure.

In a blog post earlier this week, GitHub said given the way that platform is currently set up, sometimes there's no other option but to disclose a vulnerability publicly - and before malware removal software can be deployed - alerting potential threat actors.

“Security researchers often feel responsible for alerting users to a vulnerability that could be exploited,” the blog reads. “If there are no clear instructions about contacting maintainers of the repository containing the vulnerability. It can potentially lead to a public disclosure of the vulnerability details.”

Private vulnerability reporting

To tackle the issue, GitHub has now introduced private vulnerability reporting - essentially a simple reporting form. 

When a developer tries to reach out to the maintainer of the affected vulnerability via Private vulnerability reporting, the latter can choose to either accept it, ask more questions, or reject it. 

“If you accept the report, you're ready to collaborate on a fix for the vulnerability in private with the security researcher,” the post explains.

The Microsoft-owned platform also hopes this disclosure method will streamline troubleshooting efforts, since reports are dealt with in a single place. Furthermore, it gives maintainers the opportunity to discuss vulnerability details in private with security researchers and ultimately use patch management software to collaborate on a fix.

The repository's community has welcomed the news, The Register reported. It spoke to multiple CTOs, technical engineers and threat hunters, all of which agree that such a feature was in high demand on GitHub.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A white padlock on a dark digital background.
GitHub is hiding malware disguised as games, legitimate software
A graphic showing someone on a tablet working through a supply chain.
Security issue in open source software leaves businesses concerned for systems
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
These fake GitHub "security alerts" could actually let hackers hijack your account
hacker.jpeg
Thousands of GitHub repositories exposed via Microsoft Copilot
Shadowed hands on a digital background reaching for a login prompt.
This worrying Git flaw could lead to users leaking credentials
GitHub Webpage
GitHub has a major problem with fake rankings, which could put users at risk of attack
Latest in Security
A computer file surrounded by red laser beams
Free online file converters could infect your PC with malware, FBI warns
Close up of a person touching an email icon.
Criminals are using CSS to get around filters and track email usage
DeepSeek on a mobile phone
More US government departments ban controversial AI model DeepSeek
Ransomware
Fortinet firewall bugs are being targeted by LockBit ransomware hackers
Trojan
Microsoft warns of a devious new RAT malware which can avoid detection with apparent ease
NordProtect logo
Standalone identity theft protection from Nord Security is now available
Latest in News
Perplexity Squid Game Ad
New ad declares Squid Game's real winner is Perplexity AI
Pedro Pascal in Apple's Someday ad promoting the AirPods 4 with Active Noise Cancellation.
Pedro Pascal cures his heartbreak thanks to AirPods 4 (and the power of dance) in this new ad
Frank Grimes confronts Homer Simpson in The Simpsons' Homer's Enemy episode
Disney+ adds a new continuous Simpsons stream, so you no longer have to spend ages choosing an episode
Helly and Mark standing on an artificial hill surrounded by goats in Severance season 2 episode 3
New Apple teaser for Severance season 2 finale suggests we might finally find out what Lumon is doing with those goats, and I don't think it's anything good
Nvidia GR00T N1 humanoid robot
Nvidia is dreaming of trillion-dollar datacentres with millions of GPUs and I can't wait to live in the Omniverse
Foldable iPhone
Apple’s first foldable iPhone could beat the Samsung Galaxy Z Fold 7 in one key way