Last week, I wrote about how Joshua Aaron's ICEBlock app, which allows people to anonymously report ICE sightings within a 5-mile radius, is – unfortunately, and despite apparent good intentions – activism theater. This was based on Joshua's talk at HOPE where he made it clear that he isn't taking the advice
There is no vulnerability because the claim is bogus. Anybody with some experience in cybersec will tell you it’s a nothing burger.
I’m aware. But that’s not the point of the comment thread. The point is the dev should’ve handled it better. We receive many notices at work of vulns from independent researchers, and regardless of whether they are bogus or not, we treat them all the same in the way we respond to them.
You do you, but if I have someone shitting on my project (warranted or not, I’m not going into the political aspects) and making a report that Apache is out of date, frankly they can get blocked too.
Anybody with security experience will know it’s bogus and warrants no response.
There are tons of “security experts” making “vulnerability reports”… that are just a version check. That’s not a vulnerability report unless you prove there is a vulnerability. They either try to get money or try to disparage you because you did not respond within their chosen timeline (which was too short by industry standards).