Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate…

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.