![](/static/66c60d9f/assets/icons/icon-96x96.png)
![](https://sh.itjust.works/pictrs/image/c38fd5ff-821e-45c9-b2ee-957d0321d2e2.webp)
Recurring incidents like these raise the question, how does one strike a balance?
Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of who are volunteers, exhausted from triaging noise.
On the flip side, would it be ethical if security practitioners, including novices, sat on what they thought was a security flaw—so as not to inconvenience the project maintainers?
This was already answered in the article: verify your security findings. Make a POC that actually exploits the vulnerability, then submit it with your report.
Looks like it’s mostly for live TV? I haven’t had cable in a long time, don’t really need to record things.