The solution to this problem is to require the submitter to include a unit test that demonstrates the problem along with the CVE. If the unit test succeeds in DDosing or whatever, then the CVE is published. If your unit test fails to produce the security problem, then it is ignored.
bostik|2 years ago
ticviking|2 years ago
Give me code to reproduce an issue for people who are contributing as developers.
bkallus|2 years ago