security issue reporting procedures ?

    • #7046
      zerog2k
      Member

      Emporia,

      What is your security reporting procedure and responsible disclosure policy?

      ref:

      https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One

    • #7089
      Ted @ Emporia
      Emporia Staff

      We don’t have a formal process in place yet.  We’re a small dev team working to release new features and haven’t had time to figure out if the best process is to hire HackerOne or not.

      We’ve had a couple of customers reach out about issues which we then resolved.

      What do you suggest as a first step?

    • #7171
      zerog2k
      Member

      Do you have an email through which a party wishing to make a responsible disclosure can correspond with your team?
      This public forum is probably not appropriate for reporting possibly sensitive issues.

      Regarding the responsible disclosure policy, part of it is about establishing a reporting process and commitments to prioritize fixing issues, but also about assurances that responsible disclosures made in good faith will be treated in good faith, and that the reporter would not be penalized.

      It’s not surprising that some companies react to being notified about potential security issues by threatening the messenger with legal action – which has a chilling effect on responsible disclosure. The policy just helps set expectations on all sides.

    • #7325
      Emporia Support
      Emporia Staff

      Hi @zerog2k,

      Sorry for the delayed response. We agree with the points you’ve provided above. We’ll be having discussions around this concept within the company and I hope to have updates to share soon (although I don’t want to commit to a specific timeline). If you have a particular concern, please feel free to reach out directly to the Support team and we can discuss any issues you have outside of the public forum. Thanks!

      Emporia Support Team
