  1. Moodle Community Sites
  2. MDLSITE-6328

Create a new page for reporting security issues to our Vulnerability Disclosure Program


    Details

    • Type: Task
    • Status: Resolved
    • Priority: Low
    • Resolution: Done
    • Component/s: moodle.org
    • Labels:
      None

      Description

      We are in the process of setting up a Vulnerability Disclosure Program with BugCrowd. Reports will be received via a submission form, which we need to embed on a new page on moodle.org. The page layout will include a brief (HTML or markup that will list things like our goal, expectations and scope), followed by the embedded submission form (embeds using <script> tags).

      Next steps are:

      1. Discuss requirements / implementation with Helen Foster and David Mudrák (@mudrd8mz).
      2. Determine a URL for the page (I would suggest we use something like /security/report, /security-report or /responsible-disclosure, and do not refer to "bugcrowd" by name in the URL, so it doesn't need to change if we switch providers).
      3. We are awaiting feedback from BugCrowd on our draft brief. Once that is finalised, publish the page with brief and embedded submission form.

      Some examples of other companies' pages (provided by BugCrowd) include:

      1. https://stage.buildxact.com/responsible-disclosure/ - closely matches the format of our draft brief.
      2. https://branch.io/security/report/ (click "Submit a report" to see the brief etc.).
      3. https://auth0.com/responsible-disclosure-policy

              People

              Assignee:
              tsala Helen Foster
              Reporter:
              michaelh Michael Hawkins
              Component watchers:
              Helen Foster