forked from phacility/phabricator
reporting_security.diviner
@title Reporting Security Vulnerabilities
@group intro

Describes how to report security vulnerabilities in Phabricator.

Overview
========

Phabricator runs a disclosure and award program through
[[ https://www.hackerone.com/ | HackerOne ]]. This program is the best way to
submit security issues to us, and awards responsible disclosure of
vulnerabilities with cash bounties. You can find our project page
here:

(NOTE) https://hackerone.com/phabricator

The project page has detailed information about the scope of the program and
how to participate.

We have a 24-hour response timeline, and are usually able to respond to (and,
very often, fix) issues more quickly than that.

Other Channels
==============

If you aren't sure if something qualifies or don't want to report via
HackerOne, you can submit the issue as a normal bug report. For instructions,
see @{article:Contributing Bug Reports}.

Get Updated
===========

General information about security changes is reported weekly in the
[[ https://secure.phabricator.com/w/changelog/ | Changelog ]].