DevThe Recordabout 16 hours ago

GitHub dismissed Shai-Hulud worm flaw reports

1 min read

GitHub closed two HackerOne reports from Deep Specter Research as ineligible, despite the Shai-Hulud supply-chain worm exploiting those design flaws. The worm has infected over 3,000 repositories and 200 developer accounts. Deep Specter found 516 malicious packages live across npm, PyPI, and RubyGems.

Level

Hype check

Tap to vote and see what everyone thinks.

#github #supply-chain #security

GitHub dismissed Shai-Hulud worm flaw reports

More to chew on!

More to chew on!