Hacker News

This is hosted on GitHub Pages, so it takes very minimal resources to set up and keep running. The domain is also likely $10, assuming they didn't need to pay a squatter for it.

I think it's just a trend for any huge-scale vulnerability research team to put together a website for it, as that amount of effort will indicate a certain level of attention the exploit requests of the reader / the security community at large.

And it doesn't always happen. Log4shell, for example, was not its own website: https://news.ycombinator.com/item?id=29504755




> as that amount of effort will indicate a certain level of attention the exploit requests of the reader / the security community at large.

Feels like a dangerous way to gauge the severity of issues. What if the discloser doesn't have the funds or the skills to set up a dedicated website? Will it not get any attention since there's no yodawgiheardyoulike0days.com website to float up to the top of HN? This is what CVE severity scoring is for and what should be used, not the presence of a dedicated website, no?


CVE scoring is about as worthless as whether a vulnerability has a website.


Maybe, but it's at least an agreed-upon system and a centralized database and format, which can be improved since an org is behind it with the goal to make sec vul disclosure the best it can be. The wild west of marketing websites isn't advancing towards any sort of shared understanding.


I am 100% on board with free and easy assignment of CVEs and a central database of them. I just don't think they are a good place for keeping vulnerability details, because it is too rigid. Having a link to relevant details is good enough, and if the link happens to just include everything in it then I'm fine with that.


"All crisis is profit." :)

Clearly we need Vulnerability Website as-a-Service (VWaaS).

         .
(joking or not? even I don't know! What I know is, there seems to be a fine line between cynicism and prophecy...)


You joke but I bet it's already in the YC fall 23 batch


> What if the discloser doesn't have the funds or the skills to setup a dedicated website?

Evidently they just get ignored, if their account of direct disclosure to Apple is anything to go off of.



