What is it?
Good for him.
I'm pretty sure some people use them for backups.
Okay, so it's just like YubiKey-type stuff? I've thought about that before but it seems very risky - they recommend you get two and set both of them up so you have a backup, but that would require all websites to support that, right?
I'm down for using Bitwarden, though, if I can substitute it for physical keys.
I haven't started using passkeys yet because I haven't looked into them. Sell me on them?
That.. seems.. bad.. but what do I know
Not to mention, isn't there an incumbent bias in voting?
Looks like it's mostly for live TV? I haven't had cable in a long time, don't really need to record things.
Hey, it doesn't look obfuscated to me?
Really?
hunter12
Recurring incidents like these raise the question, how does one strike a balance?
Relentlessly reporting theoretical vulnerabilities can leave open-source developers, many of whom are volunteers, exhausted from triaging noise.
On the flip side, would it be ethical if security practitioners, including novices, sat on what they thought was a security flaw—so as not to inconvenience the project maintainers?
This was already answered in the article: verify your security findings. Make a POC that actually exploits the vulnerability, then submit it with your report.
Sounds like you just need to practice. Maybe find a friend who can video call you a few times a week just to chat until you're feeling confident?