securitytxt.org
wyhash
Our great sponsors
| securitytxt.org | wyhash | |
|---|---|---|
| 42 | 9 | |
| 60 | 913 | |
| - | - | |
| 4.2 | 6.6 | |
| 27 days ago | 3 months ago | |
| HTML | C | |
| MIT License | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
securitytxt.org
-
How to respond to unsolicited vulnerability report from users of public sites?
You might consider setting up security.txt notifications, per RFC 9116, to funnel people into the right notification paths. Otherwise, they might try spamming random emails they find or can guess at. I've had external researchers contact our CTO and CEO directly, creating a new problem for me.
-
How to make a bounty bug request
Check if they have a security.txt, if they do not, check their /security. If both come up empty, use any contact form that they have available.
- A qui dénoncer une brèche?
-
Anywhere I can advertise a bounty for my site?
In addition to the Bug bounty programs already posted in the comments, I'd suggest you create a security.txt with a dedicated security contact.
-
need advice please
Does the website have a responsible disclosure page or a security.txt?
-
Whats the policy on posting open government or international government directories?
there's technically https://securitytxt.org as well; but sadly it's not in super duper wide deployment (some big places have it, though!)
-
Implementation of RFC 9116 (security.txt) as well as possibility for encrypted contact
Especially in the area you guys are operating in, I think it would be great if you could implement RFC 9116 (https://securitytxt.org/). If someone finds a vulnerability on your website, the client or even the SPN, this would make communication or a responsible disclosure process much easier. Furthermore, it would be great if the possibility for secure communication with your staff (e.g. using GPG) would be possible.
- I found a security issue on a website, came on a different sub to ask how to monetise this, gave the owners one week to give me a job, then when they didn't, made a tiktok about it to say how knowledgeable in IT I am. Why are they threatening me?
-
Infosys leaked FullAdminAccess AWS keys on PyPI for over a year
When do companies finally start adopting the `security.txt` proposal (see https://securitytxt.org).
Would have made a big difference!
- security.txt
wyhash
- Wyhash: The fastest quality hash function
-
What hash function you use for hash maps / hash tables?
I recently switched to wyhash as it seems to have a good combination of speed and stability.
-
Are there any weaker hashes than MD5, but still randomly distributed?
wyhash is a decent option for if you don't need a cryptographical quality hash
-
Hacker News top posts: Mar 15, 2021
New Bare Hash Map: 2X-3X Speedup over SOTA\ (32 comments)
-
New Bare Hash Map: 2X-3X Speedup over SOTA
I feel like you’d want something a bit safer than “we don’t store the keys and just rely on the hash to be really good” [1], putting “please do not use this for serious tasks” in a comment embedded in the header file isn’t a clear enough warning.
It’s not clear to me that that probability of collision assumptions hold. It’s basically assuming that the hashing is perfect and distributes any inputs to the full 64-bit space with uniform probability. That’s the usual hash map / randomized algorithm hope, but does BigCrush or similar avalanche testing really prove that? (Presumably not, otherwise there wouldn’t be image attacks for things like md5).
[1] https://github.com/wangyi-fudan/wyhash/blob/d2a305811972f391...
- wyhash and wyrand are a non-cryptographic 64-bit hash function and PRNG respectively
What are some alternatives?
security.txt
smhasher - Hash function quality and speed tests
countwords - Playing with counting word frequencies (and performance) in various languages.
aHash - aHash is a non-cryptographic hashing algorithm that uses the AES hardware instruction
hipaa-compliance-developers-guide - A developers guide to HIPAA compliance and application development.
leocad - A CAD application for creating virtual LEGO models
irssi - The client of the future
meow_hash - Official version of the Meow hash, an extremely fast level 1 hash
password-manager-resources - A place for creators and users of password managers to collaborate on resources to make password management better.
smhasher - Automatically exported from code.google.com/p/smhasher
Mersenne-Twister-in-Python - A Mersenne Twister Random Number Generator