I've noticed a concerning trend of "slop security reports" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:
#oss #opensource #security
https://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon
Seth Larson
npub1xh…x9evl
2024-12-03 19:16:31 UTC
Author Public Key
npub1xhwh40lc054jjcw69d3tl77a32gtj29katwyl5xvq4kxjv8ytxaqgx9evlSeen on
wss://relay.momostr.pinkPublished at
2024-12-03 19:16:31 UTCEvent JSON
{
"id": "b49be4b22a1668ed25a54602e1a62c4da8e0434d5db7708e6a9048f80885e522",
"pubkey": "35dd7abff87d2b2961da2b62bffbdd8a90b928b6eadc4fd0cc056c6930e459ba",
"created_at": 1733253391,
"kind": 1,
"tags": [
[
"t",
"opensource"
],
[
"t",
"security"
],
[
"proxy",
"https://fosstodon.org/@sethmlarson/113590494269089076",
"web"
],
[
"t",
"oss"
],
[
"proxy",
"https://fosstodon.org/users/sethmlarson/statuses/113590494269089076",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://fosstodon.org/users/sethmlarson/statuses/113590494269089076",
"pink.momostr"
],
[
"-"
]
],
"content": "I've noticed a concerning trend of \"slop security reports\" being sent to open source projects. Here are thoughts about what platforms, reporters, and maintainers can do to push back:\n\n#oss #opensource #security\n\nhttps://sethmlarson.dev/slop-security-reports?utm_campaign=mastodon",
"sig": "6d23c3a64cc09ba76de93ccca94f312f7afd73e66416a2b2e3e9e241933d356cccd8a492bf88be02001a26a3d208b5a116c232e828e8fdd93de28241e7759b5f"
}