Users running a non-download version of Vanilla (pulled from GitHub), on branch release/2019.016 or master from the last 2 weeks, should upgrade to release/2019.017 or latest master for security reasons. Downloaded official open source releases are not affected.

Coordinating Vanilla Security Reports?

Hey, everyone,

I am new here, but I have been a fan of Vanilla for years. I used to use it integrated into a previous website for my band, Severed Fifth. :-)

I just wanted to share something that may be of interest. Some of you may be familiar with HackerOne who provide a platform for vulnerability submission and coordination. It makes it simple to provide a security page with scope, a place for people to submit vulnerability reports, detect dupes, manage those reports, gather analytics, and optionally provide bounties.

I have been doing a little work with them building out their community and as part of this work wanted to provide a free instance of HackerOne Professional for open source projects. This has recently been quietly launched, and it struck me that Vanilla might find this handy.

Of course, if you don't want to use it, that is totally fine - I just thought I would kick off a discussion here and share it as it might be of interest. You can learn more about it at https://hackerone.com/product/community

Cheers,

Comments

  • Hey everyone,

    Just bumping this thread. Of course, if this isn't interesting or useful to Vanilla, no worries, just let me know.

    Thanks!
