Page MenuHomePhorge

Create a pathway for security-related issues to be reported
Open, Needs TriagePublic


Phabricator upstream uses HackerOne I believe, where people can report security issues there which are then communicated to Evan.

We want to encourage users to also report issues about Phorge. Look into setting up a HackerOne account, though we would not be able to issue any rewards at this time due to not having any funding for this project.

Related Objects

Mentioned In

Event Timeline

We do have a security task creation form and a separate space that roots have access to. See S2

Turns out the "Create Security Task" form doesn't allow users to create tasks, because they can't see the S2 space.

I'm updating it so that it will keep the tasks in S1, and use Policies to limit access.