It has been reported that the SSH client PuTTY has received numerous security patches. The fixes implemented in PuTTY over the weekend include new features plugging a plethora of vulnerabilities in the Telnet and SSH client, most of which were uncovered as part of an EU-sponsored HackerOne bug bounty.
— Zanket.com (@Zanket_com) March 19, 2019
Gavin Millard, VP of Intelligence at Tenable:
“Initiatives, such as the EU’s sponsored bug hunt on a ubiquitous piece of software like PuTTY, are so important. While the bugs discovered appear to be relatively tame or restricted to unreleased versions of the software, the value from the code having been reviewed cannot be underestimated.
“Often open source projects are run by a small group of volunteers who are bogged down in the detail which often means identifying flaws is difficult. Having an external audit not only improves the code and experience for the people using the program, but also helps the creators learn where weaknesses are introduced that can be transferred to the next project.”