[MDL-69877] Set up a security.txt file in Moodle LMS - Moodle Tracker

XML

Word

Printable

Details

Type: Task
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.9.3, 3.10, 3.11
Fix Version/s: 3.9.4, 3.10.1
Component/s: General
Labels:

Affected Branches:
MOODLE_310_STABLE, MOODLE_311_STABLE, MOODLE_39_STABLE
Fixed Branches:
MOODLE_310_STABLE, MOODLE_39_STABLE
Pull from Repository:
git://github.com/mickhawkins/moodle.git
Pull 3.9 Branch:
~~MDL-69877~~-39
Pull 3.9 Diff URL:
https://github.com/mickhawkins/moodle/compare/7de4119fe2...MDL-69877-39
Pull 3.11 Branch:
~~MDL-69877~~-311
Pull 3.11 Diff URL:
https://github.com/mickhawkins/moodle/compare/dab0910676...MDL-69877-311
Pull Main Branch:
~~MDL-69877~~-master
Pull Main Diff URL:
https://github.com/mickhawkins/moodle/compare/ed2400457b...MDL-69877-master
Testing Instructions:
Hide

Visit <wwwroot>/security.txt in your web browser.

CONFIRM security contact URL details are visible on that page.

CONFIRM all URLs are correct.

CONFIRM that the expiry date listed matches 1am UTC on the scheduled date of the 3.11 release.
Show
Visit <wwwroot>/security.txt in your web browser. CONFIRM security contact URL details are visible on that page. CONFIRM all URLs are correct. CONFIRM that the expiry date listed matches 1am UTC on the scheduled date of the 3.11 release.

Description

As part of our strategy to improve visibility of our security processes and resources, I'd like to implement a security.txt file.

This is an emerging standard to provide easy to access information about our policies, how to submit security issues etc. I think the best time to look into this is after we are set up with BugCrowd, as this will boost visibility of the new program/reporting procedures, and we will also have much more comprehensive policy/scope documentation to link to.

More information can be found at the security.txt website.

Attachments

Issue Links

has a non-specific relationship to

MDL-70595 Update security.txt for 3.11 release

Closed

has been marked as being related by

MDL-72132 Handle files with a . inside pluginfile paths correctly

Open

has to be done after

MDLSITE-6259 Setup vulnerability disclosure program with BugCrowd

Resolved

has to be done before

MDLSITE-6379 Add security.txt to moodle.org

Closed

links to

Security txt website

Activity

People

Assignee:: Michael Hawkins

Reporter:: Michael Hawkins

Peer reviewer:: David Mudrák (@mudrd8mz)

Integrator:: Jake Dallimore

Tester:: CiBoT

Participants:: Brendan Heywood, CiBoT, David Mudrák (@mudrd8mz), Eloy Lafuente (stronk7), Jake Dallimore, Michael Hawkins

Votes:: 1 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 07/Oct/20 3:30 PM

Updated:: 12/Jul/21 5:59 AM

Resolved:: 15/Jan/21 4:03 PM

Fix Release Date:: 18/Jan/21

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

3h 11m