@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Document the security vulnerability reporting policy

Summary: Fixes T2791. I'm happy with HackerOne, so this pretty much just says "use HackerOne".

Test Plan:
{F128995}

- Clicked all the links.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T2791

Differential Revision: https://secure.phabricator.com/D8538

+41
+41
src/docs/user/reporting_security.diviner
··· 1 + @title Reporting Security Vulnerabilities 2 + @group intro 3 + 4 + Describes how to report security vulnerabilities in Phabricator. 5 + 6 + = Overview = 7 + 8 + Phabricator runs a disclosure and award program through 9 + [[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to 10 + submit security issues to us, and awards responsible disclosure of 11 + vulnerabilities with cash bounties. You can find our project page 12 + here: 13 + 14 + (NOTE) https://hackerone.com/phabricator 15 + 16 + The project page has detailed information about the scope of the program and 17 + how to participate. 18 + 19 + We have a 24 hour response timeline, and are usually able to respond to (and, 20 + very often, fix) issues more quickly than that. 21 + 22 + = Other Channels = 23 + 24 + You can also contact us on another channel if you prefer. See 25 + @{article:Give Feedback! Get Support!} for a list of ways to get in touch 26 + with us. 27 + 28 + = Getting Notified = 29 + 30 + When we fix significant security vulnerabilities, we currently publish 31 + information: 32 + 33 + - on our [[ https://www.facebook.com/phabricator | Facebook Page ]]; 34 + - on our [[ https://twitter.com/phabricator | Twitter Feed ]]; 35 + - and on IRC (`#phabricator` on FreeNode). 36 + 37 + If you'd prefer to receive information on other channels, let us know. 38 + 39 + General information about security is reported monthly in the 40 + [[ http://phabricator.org/changelog/ | Changelog ]]. This includes low impact 41 + issues, reports we did not act on, and other details.
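Review bot: The "Other Channels" section (added lines 24-26) points reporters at `@{article:Give Feedback! Get Support!}` without saying which of those channels are private, so the document gives no guidance against describing an unfixed vulnerability in a public place; the "Getting Notified" list in this same file lists IRC among the places where fixes are announced. Suggest adding a sentence that asks reporters not to post vulnerability details publicly and names a private contact for people who do not want to use HackerOne. Separately, the Changelog link on added line 40 is `http://phabricator.org/changelog/` while every other link in the file is `https://`; switch it to HTTPS if the host serves it. The "24 hour response timeline" on added line 19 would also be clearer if it said whether that is the time to a first reply.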