5 reasons to strive for better disclosure processes

By Max Ammann

This blog showcases five examples of real-world vulnerabilities that we’ve disclosed in the past year (but have not publicly disclosed before). We also share the frustrations we faced in disclosing them to illustrate the need for effective disclosure processes.

Here are the five bugs:

• Undefined behavior in the borsh-rs Rust library


• Denial-of-service (DoS) vector in Rust libraries for parsing the Ethereum ABI


• Missing limit on authentication tag length in Expo


• DoS vector in the num-bigint Rust library …

blog bugs disclosure examples frustrations processes real share vulnerabilities world