Security point of contact [more of an ASSC feature]
atomicthumbs
started a topic
over 1 year ago
I do not have any security bugs to report, but I got curious and looked around. There doesn't seem to be any dedicated point of contact to report a high-priority or emergency security problem with the site. This might risk a vulnerability report getting mixed in with a million low-priority bug reports or requests for help.
I would suggest a dedicated security@cohost.org email set in Freshdesk to automatically create high-priority tickets, and indication that it is not to be used for any other purpose. Anyone using it for a non-security issue should probably be Yelled At.
17 people like this idea
1 Comment
vivithecanine
said
over 1 year ago
I would also suggest publishing a /.well-known/security.txt file to streamline this process, it would make it very easy for security researchers to reach out and flag important issues.
atomicthumbs
I do not have any security bugs to report, but I got curious and looked around. There doesn't seem to be any dedicated point of contact to report a high-priority or emergency security problem with the site. This might risk a vulnerability report getting mixed in with a million low-priority bug reports or requests for help.
I would suggest a dedicated security@cohost.org email set in Freshdesk to automatically create high-priority tickets, and indication that it is not to be used for any other purpose. Anyone using it for a non-security issue should probably be Yelled At.
17 people like this idea