GitHub is now a CVE Numbering Authority (CNA) 🎉 Disclose vulnerabilities, alert developers, and provide updates all from within GitHub. Coming soon!

@github Absolutely amazing, many many thanks 🙏

@github @Hydraze 😎👍

@github So, what is the “distinct, agreed-upon scope” of GitHub as a CNA? Everything hosted on GitHub? (Note: this would make GitHub a CNA about CNAs since the CNA guidance is hosted on GutHub 🧐)

@github Is what will covered, what repo? Public or private? Or both?

@github Great idea,but somehow i don’t like it.cause if i found vulnerabilities and i don’t want to let them know they notify them one way or another.

@github Will #github save the world against #hackers ? shorturl.at/bhopQ

@github Sounds interesting😊

@github Awesome!

@github @myfear does this mean you will have inbuilt tools/api to notify all repos with vulnerabilities?

@github @tenderlove This is great!

@github Awesome!

@github Is there any plans to provide a proper API? If so, is there any design documents?

@github For what software? Windows & Office?

@github This is awesome! 😱

@github @secvalve Built right into Issues I assume?

@github @natfriedman As a researcher and a maintainer, I really appreciate this! This will absolutely make my life easier! ❤️ @github!

@github Huge!

@github @Cyber_War_News Thx

@github @AndromedaValue para el proximo podcast 😁 Lo mejor que ha hecho $MSFT este año (y alomejor en años) ha sido comprar @github

@github @feross Please what's a CVE Numbering Authority ?