Practice open source security vocabulary: coordinated disclosure, CVE scoring, patch timelines, GitHub Security Advisories, and responsible disclosure policies.
1 / 5
What is 'coordinated disclosure' in OSS security?
Coordinated disclosure (also called responsible disclosure) means the reporter gives maintainers time to prepare a fix before the vulnerability is made public — balancing transparency with user safety.
2 / 5
'The CVE was assigned CVSS ___.' What does a score of 9.8 indicate?
CVSS (Common Vulnerability Scoring System) scores range from 0 to 10. A score of 9.8 is 'Critical' — indicating high impact, ease of exploitation, and broad attack surface. Patches should be released immediately.
3 / 5
'We released a ___ within 48 hours.' Which noun describes an emergency security fix?
A 'patch' (or hotfix) is an emergency release that fixes a specific vulnerability. Releasing within 48 hours of a critical CVE is considered a fast and responsible response.
4 / 5
'The security ___ was published on GitHub Security Advisories.' Which noun is this?
A 'security advisory' is the official public disclosure document. GitHub Security Advisories allows maintainers to publish CVE details, affected versions, and remediation steps directly in the repository.
5 / 5
What is 'responsible disclosure' in the context of OSS vulnerabilities?
Responsible disclosure means privately notifying the project maintainers first, agreeing on a fix timeline (commonly 90 days), and only then publishing details publicly — protecting users while ensuring accountability.