Coordinating Vanilla Security Reports?
I am new here, but I have been a fan of Vanilla for years. I used to use it integrated into a previous website for my band, Severed Fifth. :-)
I just wanted to share something that may be of interest. Some of you may be familiar with HackerOne who provide a platform for vulnerability submission and coordination. It makes it simple to provide a security page with scope, a place for people to submit vulnerability reports, detect dupes, manage those reports, gather analytics, and optionally provide bounties.
I have been doing a little work with them building out their community and as part of this work wanted to provide a free instance of HackerOne Professional for open source projects. This has recently been quietly launched, and it struck me that Vanilla might find this handy.
Of course, if you don't want to use it, that is totally fine - I just thought I would kick off a discussion here and share it as it might be of interest. You can learn more about it at https://hackerone.com/product/community