bugmacosopen sourceSecurity
In the event of finding a security vulnerability in the Linux world, the procedure involved would be to report the vulnerability…
Then patches are made and CVE's are released.
I'm curious about how does open source vulnerability reporting work in the OSX world? Do the developers release CVE's if a security issue is brought to their notice?
I found two:
It is an open source free, video editing software, effects, and compositing suite.
When I used it several months back, it was very unintuitive and I couldn't figure out how to use it. However, there are tutorials for Jahshaka now.
Kdenlive is an open source, multi track video editor released under the GNU Public Licence.
(The screenshot is of Kdenlive running on Windows, but it is available for the Mac through Macports)
It's as simple as posting new details on your bug with a sentence requesting a status update. There is no dedicated button to do this. From personal experience I doubt you'll get any helpful information though. Many things in Radar live there for years…
Best Answer
You can contact Apple about this at product-security@apple.com (or you can open a Radar report if you're a developer), or you contact the maintainer of the package.
Often the mail addresses can be found in the README (or AUTHORS) of the source code, or on the project's website.
Yes - both Apple (specifically) and the open source developers (in general) do reference CVE in patch and security emails and participate using that mechanism for tracking reported vulnerabilities.