[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" button/link to plugin repo pages
Making WordPress.org
noreply at wordpress.org
Thu Sep 7 18:10:07 UTC 2023
#7259: Add a "Report a vulnerability" button/link to plugin repo pages
------------------------------+---------------------
Reporter: mrfoxtalbot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by fearzzzz):
Replying to [comment:3 oliversild]:
> When submitting a plugin to the WP.org repo, plugin developer should
> have a requirement to add a link to their vulnerability disclosure policy
> or to security contact form.
Thus, we will face the situation that most developers aren't ready to talk
about security, and this will only confuse/scare them. It may also turn
out that the whole subject will become more complicated.
Why not add this link ("Report a security issue") as a first "trial" step,
which would open a simple form, the data of which would be sent to two
addresses - the WordPress Plugins team (just to keep an eye on the
situation and have "evidence" that there was a contact attempt and so on)
and to the developer?
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259#comment:4>
Making WordPress.org <https://meta.trac.wordpress.org/>