How to Serve Open Source Maintainers Without Annoying Them? – Munawar Hafiz, OpenRefactory, Inc.
OpenRefactory is working with the Alpha-Omega project within OpenSSF in an ambitious effort to report various kinds of bugs to the maintainers of top open source projects and to work with them to get the bugs fixed. We collect the bugs by analyzing Java and Python code with Intelligent Code Repair (iCR) and other static analysis tools bundled in the Omega analyzer. We have created a portal to triage and report the bugs following coordinated disclosure. This talk showcases the portal and tells real-life stories about what happens when bugs get reported. So far, the reported bugs have been merged 40% of the time in important projects. This talk highlights the best practices that security practitioners should follow to reduce friction and discusses how the current acceptance rate for bug reports can be improved further.
by The Linux Foundation