FDA / open.fda.gov

openFDA web site.

Home Page: http://open.fda.gov

Critical Vulnerabilities in OpenFDA.gov

JNHQ opened this issue

I'm writing on behalf of Ion Channel, a cybersecurity firm that monitors the software supply chain for U.S. critical infrastructure. In response to information on the escalating prevalence of software dependency attacks, and in an effort to preclude such an attack on a federal civilian agency infrastructure, we are reaching out to the developers of publicly released federal software projects that have critical and high severity vulnerabilities, to make them aware of these findings and to encourage immediate remediation.

In the case of the OpenFDA.gov web site, our analysis has identified four Critical and fifteen High vulnerabilities (screen shot attached). E-mail info@ionchannel.io for detailed findings or to coordinate further. This is not a sales pitch - all findings will be provided as open data.

OpenFDA.gov Screen Shot.pdf