[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" button/link to plugin repo pages
Making WordPress.org
noreply at wordpress.org
Thu Sep 7 17:33:06 UTC 2023
#7259: Add a "Report a vulnerability" button/link to plugin repo pages
------------------------------+---------------------
Reporter: mrfoxtalbot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by oliversild):
I think the right approach to this issue was described in more detail
here: https://meta.trac.wordpress.org/ticket/6939

"Contributors who have been involved with the project long enough know
that they should email plugins@… to report vulnerabilities." - That is not
entirely true. In fact, we've (Patchstack) been asked by the Plugin Team to
try not to send all vulnerabilities to the plugins team and instead report
them to plugin developers directly.

Sending vulnerability reports to the plugins team should only be a
fallback option. When submitting a plugin to the WP.org repo, the plugin
developer should have a requirement to add a link to their vulnerability
disclosure policy or to a security contact form.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259#comment:3>
Making WordPress.org <https://meta.trac.wordpress.org/>