GitHub user DanielRuf edited a comment on the discussion: Addressing AI-slop in security reports
After doing some research, is this project supported by the OSTIF, where Apache Foundation projects are mentioned in audits?
https://ostif.org/
https://ostif.org/audits/

Maybe they already have some solutions or ideas. There are probably more initiatives for funding the security of (F)OSS projects.
https://www.herodevs.com/blog-posts/eus-sovereign-tech-fund-securing-open-source-sustainability-and-why-it-matters
https://arxiv.org/html/2412.05887v2
https://openssf.org/tag/security-audits/

But I'm unsure if the company of a bug bounty platform would pay the effort to check all the reports that are not eligible for a bounty.

GitHub link: https://github.com/apache/logging-log4j2/discussions/4052#discussioncomment-15949055
