Bug Reporter: Add a link for reporting "Security Issues" to the information at the top #5567
Labels
documentation
Improvements or additions to documentation are required by this issue
feature request
New feature (or a request for one)
Milestone
Is your feature request related to a problem?
@iampremo suggested putting a feature request in for this after discussing it briefly.
As of 2024.400 the dropdown to privately report an issue in the IDE has been removed. I've only ever used this option once, but the usecase was to report a potential security issue I had found. The removal of this option is good for general bug reports - it makes sense that bugs and feature requests should be universally in the one public list - but for security issues it makes it a lot less obvious what the correct path should be for such issues.
I was pointed toward the Reporting Security Issues page, but the fact I hadn't known that existed until now means it should be more immediately accessible.
Describe the solution you'd like
With the option to privately submit a bug report gone, it might make sense to have a dedicated help menu item for reporting security issues. Alternatively, the existing reporter could have a "Security" dropdown option which would clarify that submitting in this category is done privately. Another option could be having a link on the reporter with text something like "Report a security issue" that links to the page earlier.
There's a bunch of different ways to approach it and the implementation is less of a concern in form, as long as the IDE provides a clear path to making this sort of report privately. Additionally, the private report option never provided any feedback - whatever form the solution will take should keep communication open so that the reporter can provide more details, or know that it is being addressed.
Hopefully such an option never has to be used! But having it there as clearly as possible means that such reports are openly encouraged, and should mean that security reports make their way through the intended processes to be addressed quickly and ensuring that they can be handled however necessary to the nature of the report.
The text was updated successfully, but these errors were encountered: