Manlio,
FYI:
Know, Prevent, Fix: A framework for shifting the discussion around
vulnerabilities in open source
Rob Pike, Eric Brewer, Abhishek Arya, Anne Bertucio and Kim Lewandowski
https://security.googleblog.com/2021/02/know-prevent-fix-framework-for-shifting.html
Surviving software depende
I think the problem here is not only the lack of a vulnerability database
for Go, but the fact that a lot of people use a module where only one
person (the owner) has access to the repository.
Maybe it is time for a new site like gopkg.in, where each module has one or
more maintainers and there