Hey #infosec community, I need your help. You've discovered a critical vulnerability inside a widely used open source software but can't get a hold of the maintainer - they are ignoring every contact attempt. How do you disclose an issue responsibly in this situation?


@webklex
If the open source software is distributed by others (e.g. major Linux distros), you can contact security teams for the distributors. Even if they can't contact the vendor either, they can work to mitigate the issue for their users.

It's more work for you, but it moves the ball in the right direction. On the bright side, most Linux distro security teams are likely to be accessible and at least mildly on the ball. Your decision though.

Qoto Mastodon