  1. Moodle Community Sites
  2. MDLSITE-6328

Create a new page for reporting security issues to our Vulnerability Disclosure Program

    • Task
    • Resolution: Done
    • Low
    • moodle.org
    • None

      We are in the process of setting up a Vulnerability Disclosure Program with BugCrowd. Reports will be received via a submission form, which we need to embed on a new page on moodle.org. The page layout will include a brief (HTML or markup that will list things like our goal, expectations and scope), followed by the embedded submission form (embeds using <script> tags).

      Next steps are:

      1. Discuss requirements / implementation with tsala and mudrd8mz.
      2. Determine a URL for the page (I would suggest we use something like /security/report, /security-report or /responsible-disclosure, and do not refer to "bugcrowd" by name in the URL, so it doesn't need to change if we switch providers).
      3. We are awaiting feedback from BugCrowd on our draft brief. Once that is finalised, publish the page with brief and embedded submission form.

      Some examples of other companies' pages (provided by BugCrowd) include:

      1. https://stage.buildxact.com/responsible-disclosure/ - closely matches the format of our draft brief.
      2. https://branch.io/security/report/ (click "Submit a report" to see the brief etc.).
      3. https://auth0.com/responsible-disclosure-policy

            tsala Helen Foster
            michaelh Michael Hawkins