Security point of contact [more of an ASSC feature]

I do not have any security bugs to report, but I got curious and looked around. There doesn't seem to be any dedicated point of contact to report a high-priority or emergency security problem with the site. This might risk a vulnerability report getting mixed in with a million low-priority bug reports or requests for help.  

I would suggest a dedicated email set in Freshdesk to automatically create high-priority tickets, and an indication that it is not to be used for any other purpose. Anyone using it for a non-security issue should probably be Yelled At.

17 people like this idea
1 Comment

I would also suggest publishing a /.well-known/security.txt file to streamline this process; it would make it very easy for security researchers to reach out and flag important issues.

1 person likes this