...

Tip: Hover over the right end of the response block to see a “Copy as text” button:

...

See https://openedx.atlassian.net/wiki/spaces/COMM/pages/3624140816/Security+Working+Group+Private#Common-Issues & add to them!

  • Acknowledge the email quickly:

      Thank you for your email. We will investigate.
  • Common inquiries & template responses:

    • Duplicates:

        Thank you for your report. This is a duplicate of an earlier report that we are reviewing.
    • No update yet:

        Hello,
        
        We are continuing to investigate this report and will reach out to you when we have reached a resolution.
        
        Thank you.
    • Need proof of concept:

        Hello,
        
        Would you be able to provide a proof of concept for the vulnerability?
        
        Thank you.
    • Confirm correct destination:

        Hello,
        
        Thank you for reaching out. This e-mail address is the correct place to report any security issues you may have found.
        
        The Open edX project does not offer bug bounties for security vulnerability disclosures. See:
        
        https://github.com/openedx/edx-platform/security/policy#bug-bounty
        
        Thank you.
    • Bug bounty:

        The Open edX project does not offer bug bounties for security vulnerability disclosures. See:
        
        https://github.com/openedx/edx-platform/security/policy#bug-bounty
  • Inapplicable reports/inquiries:

    • Intentionally open source:

        Thank you for this report.  Open edX is an open-source platform; many of our features are developed in the open and collaboratively with community developers.  If you would be interested in contributing, you can learn more at https://open.edx.org/community/ 
  • Close out the email thread.

    • Forwarded to an operator or Axim:

        Thank you for your email. We have determined your report pertains to a specific Open edX operator and have forwarded your report to them. The operator will reach out to you if any further information is required.
      • Re-send this email if the reporter continues to inquire about the operator’s contact information.

      • See Forward a report to an operator or Axim, below.

    • Not a security issue:

        Thank you for the disclosure. We have investigated this and do not believe it is a security issue that needs to be addressed at this time.
    • Verified vulnerability:

        Hello,
        
        Thank you for your patience. We are resolving the security vulnerability reported by your disclosure.
        
        The Open edX Project does not offer monetary bug bounties for security disclosures.
        
        Thank you again for your disclosure.

...