Ruby now uses HackerOne for managing security vulnerability reports #1410
Conversation
|
@tenderlove here you go :) |
|
We are coordinating to use HackerOne now. Please wait to merge this. |
|
We should warn that only vulnerabilities of Ruby (not the website), should be reported to Hacker One, shouldn't we? |
|
@shugo Yes, I think we should also clarify what kind of vulnerabilities should be reported |
reedloden
force-pushed
the
security-uses-hackerone
branch
from
feb17bb
to
21751f1
Compare
|
@shugo / @zzak -- I made a few changes to the text, but please feel free to provide additional language. I see you all have already made some changes to https://hackerone.com/ruby to note the scope and type of vulns. |
reedloden
force-pushed
the
security-uses-hackerone
branch
from
21751f1
to
a55ca9c
Compare
| an issue. Any valid reported problems will be published after fixes. | ||
|
|
||
| If you have found an issue affecting one of our websites, please | ||
| report it [here](https://github.com/ruby/www.ruby-lang.org/issues/new). |
There was a problem hiding this comment.
[here] -> [on GitHub] or similar
Update security documentation to point to https://hackerone.com/ruby.
reedloden
force-pushed
the
security-uses-hackerone
branch
from
a55ca9c
to
a770e1c
Compare
|
@stomar updated :) |
|
Anything else blocking this, or can we get this merged? (cc @hsbt) |
|
@reedloden Thank you for your update. I confirmed your changes. It is enough for our report line. I appreciate it |
* Follow up "Add Remote Ruby podcasts" (#2732) * Follow up "Updated Basecamp's success story details" (#2784) * Follow up "Update index.md" (#2899) * Follow up "/en/security/index.md" (#1410, #2857) * Apply suggestions from code review Co-authored-by: Chayoung You <yousbe@gmail.com> * Give more detail about link Co-authored-by: Chayoung You <yousbe@gmail.com>
Update security documentation to point to https://hackerone.com/ruby.