...
Tip: Hover over the right end of the response block to see a “Copy as text” button.
...
See https://openedx.atlassian.net/wiki/spaces/COMM/pages/3624140816/Security+Working+Group+Private#Common-Issues & add to them!
Acknowledge the email quickly:
    Thank you for your email. We will investigate.
Common inquiries & template responses:
Duplicates:
    Thank you for your report. This is a duplicate of an earlier report that we are reviewing.
No update yet:
    Hello,
    We are continuing to investigate this report and will reach out to you when we have reached a resolution.
    Thank you.
Need proof of concept:
    Hello,
    Would you be able to provide a proof of concept for the vulnerability?
    Thank you.
Confirm correct destination:
    Hello,
    Thank you for reaching out. This e-mail address is the correct place to report any security issues you may have found.
    The Open edX project does not offer bug bounties for security vulnerability disclosures. See: https://github.com/openedx/edx-platform/security/policy#bug-bounty
    Thank you.
Bug bounty:
    The Open edX project does not offer bug bounties for security vulnerability disclosures. See: https://github.com/openedx/edx-platform/security/policy#bug-bounty
Inapplicable reports/inquiries
Intentionally open source:
    Thank you for this report. Open edX is an open-source platform; many of our features are developed in the open and collaboratively with community developers. If you would be interested in contributing, you can learn more at https://open.edx.org/community/
Close out the email thread.
Forwarded to an operator or Axim:
    Thank you for your email. We have determined your report pertains to a specific Open edX operator and have forwarded your report to them. The operator will reach out to you if any further information is required.
Re-send this email if the reporter continues to inquire about the operator’s contact information.
See Forward a report to an operator or Axim, below.
Not a security issue:
    Thank you for the disclosure. We have investigated this and do not believe it is a security issue that needs to be addressed at this time.
Verified vulnerability:
    Hello,
    Thank you for your patience. We are resolving the security vulnerability reported by your disclosure. The Open edX Project does not offer monetary bug bounties for security disclosures.
    Thank you again for your disclosure.
...