Is there a service that signs me up for all important things needed for running a project with secure practices (CVE registrations, etc.) _and_ gives me a safe channel to get in touch in one go?
e.g. similar to those journalists' mailbox services that were all the rage 5 years ago
not that I'm aware of @Florian Gilcher, in fact, you might notice the RustSec FAQ specifically advises you handle that all in advance and disclose before filing an advisory so we don't have to deal with being part of an embargoed disclosure process because it's such a hassle :wink:
I was less thinking about RustSec here, but it just seems that someone providing easy mailboxes for such stuff sounds like a reasonable thing (unless you are super paranoid about your supplier).
honestly I dislike pretty much everything about CVE, and even though I am (or was, a decade ago) friends with the person behind DWF and iwantacve.org, all attempts to improve the process don't seem to be working
the closest thing I can think of are GitHub's embargoed security issues
which I would certainly prefer to GPG-encrypted email for initial vuln disclosures, heh
Yeah, but I can only open them as a maintainer, I cannot have people open them.
that is unfortunate