how do you know that no customer data was affected? did you work with github and... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cleverwebb 28 days ago \| parent \| context \| favorite \| on: How we exploited CodeRabbit: From simple PR to RCE... how do you know that no customer data was affected? did you work with github and scan all uses of your keys? how do you know if a use of your github key was authentic or not? did you check with anthroipic/openai/etc to scan logs usage? It's really hard to trust a "hey we got this guys" statement after a fuckup this big

Xunjin 28 days ago | [–]

That's why countries should start to legislate on these matters, there are no incentives in focusing on security and properly report to the customers such vulnerability.

xign 21 days ago | [–]

Notice how replies like this never get a response?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact