mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 22:10:55 +01:00
Document the security vulnerability reporting policy
Summary: Fixes T2791. I'm happy with HackerOne, so this pretty much just says "use HackerOne". Test Plan: {F128995} - Clicked all the links. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T2791 Differential Revision: https://secure.phabricator.com/D8538
This commit is contained in:
parent
559c0fe886
commit
60d8dc813e
1 changed files with 41 additions and 0 deletions
41
src/docs/user/reporting_security.diviner
Normal file
41
src/docs/user/reporting_security.diviner
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
@title Reporting Security Vulnerabilities
|
||||||
|
@group intro
|
||||||
|
|
||||||
|
Describes how to report security vulnerabilities in Phabricator.
|
||||||
|
|
||||||
|
= Overview =
|
||||||
|
|
||||||
|
Phabricator runs a disclosure and award program through
|
||||||
|
[[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to
|
||||||
|
submit security issues to us, and awards responsible disclosure of
|
||||||
|
vulnerabilities with cash bounties. You can find our project page
|
||||||
|
here:
|
||||||
|
|
||||||
|
(NOTE) https://hackerone.com/phabricator
|
||||||
|
|
||||||
|
The project page has detailed information about the scope of the program and
|
||||||
|
how to participate.
|
||||||
|
|
||||||
|
We have a 24 hour response timeline, and are usually able to respond to (and,
|
||||||
|
very often, fix) issues more quickly than that.
|
||||||
|
|
||||||
|
= Other Channels =
|
||||||
|
|
||||||
|
You can also contact us on another channel if you prefer. See
|
||||||
|
@{article:Give Feedback! Get Support!} for a list of ways to get in touch
|
||||||
|
with us.
|
||||||
|
|
||||||
|
= Getting Notified =
|
||||||
|
|
||||||
|
When we fix significant security vulnerabilities, we currently publish
|
||||||
|
information:
|
||||||
|
|
||||||
|
- on our [[ https://www.facebook.com/phabricator | Facebook Page ]];
|
||||||
|
- on our [[ https://twitter.com/phabricator | Twitter Feed ]];
|
||||||
|
- and on IRC (`#phabricator` on FreeNode).
|
||||||
|
|
||||||
|
If you'd prefer to receive information on other channels, let us know.
|
||||||
|
|
||||||
|
General information about security is reported monthly in the
|
||||||
|
[[ http://phabricator.org/changelog/ | Changelog ]]. This includes low impact
|
||||||
|
issues, reports we did not act on, and other details.
|
Loading…
Reference in a new issue