For most software developers, importing code from third-party libraries is an easy way to add new functionalities to a program without building those features from scratch.
But relying on open-source libraries carries risk: attackers often target security vulnerabilities in them, and a flaw in a widely used library reaches every program that depends on it.
That is why users of any library need a clear way to report potential security issues to the project’s owners, so such problems can be fixed before they’re exploited.
But until recently, many projects hosted on GitHub lacked a clear way for users to submit security reports.
But a team member’s GitHub account was flagged as spam for opening 15 issues and 15 pull requests.
“We told them, we’re a research team and this is what we’re doing.”