Bug Alert is a service for alerting security and IT professionals of high-impact and 0day vulnerabilities.

Hi, I'm Matthew Sullivan, a security practitioner, and the founder of Bug Alert.

When the Log4j vulnerability was first discovered, it was reported, as most are, on Twitter. 13 hours passed between the time it was disclosed on Twitter to the time LunaSec put out their widely-shared blog post, and 5 hours passed after that before I saw it up at the top of Hacker News. By then, precious time for reacting had been completely lost; it was nearly midnight or past midnight for most people located in the United States.

There is no central clearinghouse for notifying security professionals about critical security issues. The process for issuing security bulletins from organizations like the CISA are both welcomed and well-intentioned, but by the time a CVE identifier has been issued, or a bulletin posted, it's simply too late.

Bug Alert has exactly one goal: rapid notification for serious flaws in software. This process is conducted entirely in the open, via our project on GitHub. Email/phone/SMS notification services are (obviously) not free, but my intent is to keep this effort funded by community/industry donations, if it is ever needed.

Contributions are highly encouraged! We also need a team of volunteers from around the world who can review and rapidly merge GitHub pull requests detailing new issues, as they come in. Volunteers need to be kind, level-headed individuals who are willing to engage a diverse set of people in the security community with unwavering professionalism and no ego. If that sounds like you, open a GitHub issue letting us know!