Add information about the new VDP.

johnbillion · Feb 28, 2024 · d26e982 · d26e982
1 parent 6afd142
commit d26e982
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 3 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -11,7 +11,9 @@ If you enjoy using User Switching I would greatly appreciate it <a href="https:/
 
 ## Reporting Security Issues
 
-If you discover a security issue in User Switching, please report it to [the security program on HackerOne](https://hackerone.com/johnblackbourn). Do not report security issues on GitHub or the WordPress.org support forums. Thank you.
+You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team helps validate, triage, and handle any security vulnerabilities. [Report a security vulnerability here](https://patchstack.com/database/vdp/user-switching).
+
+Do not report security issues on GitHub or the WordPress.org support forums. Thank you.
 
 ## Inclusivity and Code of Conduct
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,5 +1,7 @@
 # Security Policy
 
-## Reporting a Vulnerability
+### How can I report a security bug?
 
-If you discover a security issue in User Switching, please report it to [the security program on HackerOne](https://hackerone.com/johnblackbourn). Do not report security issues on GitHub or the WordPress.org support forums. Thank you.
+You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team helps validate, triage, and handle any security vulnerabilities. [Report a security vulnerability here](https://patchstack.com/database/vdp/user-switching).
+
+Do not report security issues on GitHub or the WordPress.org support forums. Thank you.
diff --git a/readme.md b/readme.md
@@ -39,6 +39,7 @@ Note: User Switching supports versions of WordPress up to three years old, and P
  * Implements the nonce security system in WordPress, meaning only those who intend to switch users can switch.
  * Full support for user session validation where appropriate.
  * Full support for HTTPS.
+ * Backed by [the Patchstack Vulnerability Disclosure Program](https://patchstack.com/database/vdp/user-switching)
 
 ### Usage
 
@@ -304,6 +305,10 @@ In addition, User Switching respects the following filters from WordPress core w
 * `login_redirect` when switching to another user.
 * `logout_redirect` when switching off.
 
+### How can I report a security bug?
+
+You can report security bugs through the Patchstack Vulnerability Disclosure Program. The Patchstack team helps validate, triage, and handle any security vulnerabilities. [Report a security vulnerability here](https://patchstack.com/database/vdp/user-switching).
+
 ### Do you accept donations?
 
 [I am accepting sponsorships via the GitHub Sponsors program](https://github.com/sponsors/johnbillion) and any support you can give will help me maintain this plugin and keep it free for everyone.