[wp-meta] [Making WordPress.org] #7259: Add a "Report a vulnerability" button/link to plugin repo pages
Making WordPress.org
noreply at wordpress.org
Thu Sep 7 18:24:50 UTC 2023
#7259: Add a "Report a vulnerability" button/link to plugin repo pages
------------------------------+---------------------
Reporter: mrfoxtalbot | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Plugin Directory | Resolution:
Keywords: |
------------------------------+---------------------
Comment (by oliversild):
I think forcing plugin developers to set up a security point of contact
(which, btw, is already required by law in some EU countries) is a great and
lowest-effort way to get them to think about security and take
responsibility.
There should be a "Report a security issue" button, 100%, but it should be
a customisable link to their vulnerability disclosure policy, security.txt,
bug bounty program, etc.
WordPress.org should not force researchers to report vulnerabilities to
the Plugin Team, because it will clash with the plugins' vulnerability
disclosure policies and bug bounty programs. It's also an unwanted overhead
for the WordPress volunteers, and it's not reasonable for WordPress.org to
cover vulnerability triage for 60K+ vendors.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7259#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>