https://hackerone.com/the_lds_church
HackerOne maintains a directory of entities and their vulnerability disclosure policies. I think that there should be a publicly available email distro to which reports could be sent so a page like this can have something here.
The same goes for:
https://hackerone.com/brigham_young_university
and
https://hackerone.com/familysearch
What think ye?
A distro for Security Vulnerability reporting
- New Member
- Posts: 1
- Joined: Wed Apr 03, 2019 3:10 pm
- Community Administrator
- Posts: 34417
- Joined: Sat Jan 20, 2007 2:53 pm
- Location: U.S.
Re: A distro for Security Vulnerability reporting
I'm sure if you left something via the Feedback link on the main page, it would get a response.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.
So we can better help you, please edit your Profile to include your general location.
- Senior Member
- Posts: 2049
- Joined: Tue May 22, 2012 1:52 pm
- Location: California, USA
Re: A distro for Security Vulnerability reporting
russellhltn wrote: I'm sure if you left something via the Feedback link on the main page, it would get a response.
While it might get a response, I'm not entirely certain it would be a useful response. Feedback goes to volunteers who seem to have varied technical understanding. There seems to be a default "clear your browser cache/restart your browser" reply they give when they really don't understand your issue. Sometimes you have to go back and forth a few times and your issue may get escalated to someone who understands things better. These are individuals who are trying their best to help, but sometimes aren't prepared to handle matters at a more technical level. I could be wrong. Maybe if a Feedback submission mentions security, volunteers are trained to forward it to someone with appropriate skills to assess the situation. It's just that my experience with Feedback is very mixed.
I found a security vulnerability sometime in the past year and didn't think Feedback would be the right way to get it to someone who would understand. Since I'm on the forums a lot, I'm aware of some church employees who participate in the forums on a regular basis and I sent a private message to an individual who I believed would understand the matter. The individual responded and submitted it to the appropriate team. I agree it would be preferable to have a proper way to report security issues.
- New Member
- Posts: 1
- Joined: Tue Jul 06, 2021 9:47 am
Re: A distro for Security Vulnerability reporting
You can submit discovered vulnerabilities at: https://churchofjesuschrist.org/informationsecurity.
There's no bounty program, but if you find a vulnerability you can get it into the right hands.