Shulou(Shulou.com)12/24 Report--

Thanks to CTOnews.com netizens for the clues of crucian carp snow fox to deliver! CTOnews.com, December 16, according to Open Atomic official account, the open source vulnerability sharing platform and security incentive program were officially released at the opening ceremony of the 2023 Open Atomic developer Conference.

Jointly issued by Feng Guanlin, Secretary General of the Open Atomic Open Source Foundation, Ren Xudong, Vice Chairman of the Open Source Security Committee, Lu Liewen, Chairman of the working Committee of the Open Source vulnerability Information sharing Project, and representatives from Aliyun, Baidu, five Electronic Institute of the Ministry of Industry and Information Technology, Huawei, JD.com Technology, Ant Group, Qi Anxin, Tsinghua University, Shenxin, Tencent, Tongxin Software, Zhejiang University, Software Institute of Chinese Academy of Sciences, etc.

It is understood that the open source vulnerability sharing platform focuses on the vulnerability disposal of open source projects incubated by the foundation and its dependent upstream projects, and focuses on 0day vulnerability governance in the open source software field by introducing multi-party participation, full-cycle coverage, and promoting efficient disposal, covering full life cycle processes such as open source software vulnerability collection, verification, evaluation, submission, repair and publication, so as to provide the necessary resources and environment for vulnerability repair. Comprehensively improve the ability of vulnerability discovery and repair of domestic open source software 0day.

The security incentive program openly recruits developers and researchers to identify security vulnerabilities for open source projects incubated by the foundation and their dependent upstream projects.

If the vulnerability meets the four criteria of serious, high-risk, medium-risk and low-risk in the CVSS vulnerability scoring method, it will be recognized as an effective vulnerability and rewarded. Developers and security researchers can submit vulnerabilities through the Open Atomic Open Source Foundation open source vulnerability sharing platform, or use the open atomic open source foundation open source security center mailbox PGP public key to encrypt the vulnerability information and send the vulnerability information to the open source security center mailbox, which needs to be registered on the platform and verified by real name.

CTOnews.com query Open Atomic Open Source Foundation open source vulnerability sharing platform learned that the website has a project hall, contribution list, announcement, loophole submission and other sections, there is no data at present.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.