LimeSurvey is an OSS project so CVEs don't imply issues with their firm and
I see it as a good sign of transparency.

I don't think Gris or Bitergia will misuse the data and I think LimeSurvey
is a reputable company that seems to take security seriously.

Knowing the response rate anonymously is important and using a mailing list
will not let that happen.  That alone is enough reason to do it
differently.  It also removes concerns that those people are duplicating
entries because (love the term) it is tokenwalled.

Perfection is the enemy of progress.  Please make a vote. I started the
first vote on Nov 5 and we are in paralysis analysis I fear.

Regards, KAM

On Fri, Nov 22, 2019, 16:27 Justin Mclean <[email protected]> wrote:

> Hi,
>
> > Preface: I think the statement of misuse potential is an insult to the
> > people involved.
>
> We’ve had several groups misuse data like this in the past and like all
> software LimeSurvey has security issues [1]. The risk may be low but it
> exists.
>
> > However, they then created their list by scraping public sources of
> > Apache org addresses and I cut the speaker from our event where they
> > were to present the results.
>
> I believe they created a list that included non apache.org emails as
> well, i.e. emails people used on the lists. That which probably get a
> better response rate and a number of angry emails.
>
> Take a list at random I can see that about 20% of the email is from an
> apache.org address, most people tend to use other address other than
> their apache.org email.
>
> Thanks,
> Justin
>
> 1. https://www.cvedetails.com/vulnerability-list/vendor_id-6900/Limesurvey.html
