GitHub dismissed security reports on flaws now exploited by supplychain worm researchers say

Alexander Martin reports GitHub rejected two formal vulnerability reports identifying design flaws that researchers say are enabling variants of the ShaiHulud supplychain worm to infect and compromise hundreds of software packages and developer accounts worldwide The reports submitted by threat intelligence group Deep Specter Research through GitHubs bug disclosure channel on HackerOne were both closed Source