[wp-trac] [WordPress Trac] #57937: Sync the SECURITY.md file with our HackerOne policy
WordPress Trac
noreply at wordpress.org
Wed Apr 19 15:35:57 UTC 2023
#57937: Sync the SECURITY.md file with our HackerOne policy
--------------------------+---------------------
Reporter: desrosj | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.2.1
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
--------------------------+---------------------
Changes (by desrosj):
* keywords: has-patch commit dev-feedback => has-patch
Comment:
Replying to [comment:5 peterwilsoncc]:
> To follow the KISS principle, it might be easier to link to H1 rather
> than attempt to maintain multiple sources of truth.
I think this is a fine path to take, though I'd probably include something
about responsible disclosure.
{{{
### Full policy
WordPress is an open-source publishing platform. The WordPress Security
Team believes in Responsible Disclosure by alerting the security team
immediately and privately of any potential vulnerabilities.
Our HackerOne program covers the Core software, as well as a variety of
related projects and infrastructure.
The full security policy and the full list of covered projects and
infrastructure can be found on the
[WordPress HackerOne program page](https://hackerone.com/wordpress).
Security issues must be submitted via HackerOne and it is recommended you
read the full policy document before submitting your report.
}}}
I'll update the pull request accordingly to reflect this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57937#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>