Provide improved security/bug-reporting disclosure instructions #70
Comments
|
Thank you for getting this moving CM! I think a clearly marked "Security Disclosure" section under a "contact" page will do wonders for Gridcoin development and reputation. For those who do not wish to use slack, we could direct them to a specific e-mail, perhaps multidev, perhaps not, whatever structure we want. While we're at it, what if we set up more direct communication channels for other types of contact: Media and whatever else we can come up with. This will break up contact so no 1 person must deal with all the different e-mail GRC receives. If these are added to a General@gridcoin (or whatever) e-mail, it will also act as a natural filter for people asking random questions and people with specific intent. |
|
I can put a PR in immediately which changes the "Contact Us" link in the footer to a link to the dev slack channel. If anyone has any other suggestions, such as having multiple points of contact (Contact Us Page), let me know and I will edit the PR. It's up. #71 |
|
#72 adds to header |
|
This issue was moved to gridcoin-community/Gridcoin-Site#1 |
Due to a lack of communication & established security disclosure instructions, several security researchers have published rather negative research against Gridcoin citing a lack of communication/attention by the devs.
Ideally, we should not promote contact@gridcoin.us as the main contact point as this isn't a team email account but rather monitored by Rob (who in this scenario allegedly ignored/missed the researchers subsequent emails).
We should route researchers towards Slack's #development channel, or instruct them to contact an admin/op/mod on irc/telegram/slack/cryptocointalk. Had the researchers reached out via chat, they would have had more attention paid to them by many users.
The text was updated successfully, but these errors were encountered: