From b792d82900079650ffd8796bcc352d7e2572c222 Mon Sep 17 00:00:00 2001 From: Ian Dunn Date: Mon, 17 Oct 2022 09:47:30 -0700 Subject: [PATCH 1/2] Security: Add GitHub policy and point to HackerOne --- .github/SECURITY.md | 5 +++++ readme.md | 6 +++++- readme.txt | 2 ++ 3 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000..28f516df --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,5 @@ +# Reporting Security Issues + +The Two Factor team and WordPress community take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, please visit the [WordPress HackerOne](https://hackerone.com/wordpress) program. diff --git a/readme.md b/readme.md index 75c8f24c..9f0ad4bd 100644 --- a/readme.md +++ b/readme.md @@ -10,7 +10,7 @@ See the [readme.txt](readme.txt) for installation and usage instructions. ## Contribute -Please [report issues](https://github.com/WordPress/two-factor/issues) and [open pull requests](https://github.com/WordPress/two-factor/pulls) on GitHub. +Please [report (non-security) issues](https://github.com/WordPress/two-factor/issues) and [open pull requests](https://github.com/WordPress/two-factor/pulls) on GitHub. See below for information on reporting potential security/privacy vulnerabilities. Join the `#core-passwords` channel [on WordPress Slack](http://wordpress.slack.com) ([sign up here](http://chat.wordpress.org)). @@ -38,3 +38,7 @@ Deployments [to WP.org plugin repository](https://wordpress.org/plugins/two-fact ## Credits Created [by contributors](https://github.com/WordPress/two-factor/graphs/contributors) and released under [GPLv2 or later](LICENSE.md). + +## Security + +Please privately report any potential security issues to the [WordPress HackerOne](https://hackerone.com/wordpress) program. 
diff --git a/readme.txt b/readme.txt index 1a09d79b..63330cd6 100644 --- a/readme.txt +++ b/readme.txt @@ -20,6 +20,8 @@ Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable For more history, see [this post](https://georgestephanis.wordpress.com/2013/08/14/two-cents-on-two-factor/). +Please report any potential security issues to the [WordPress HackerOne](https://hackerone.com/wordpress) program. + = Actions & Filters = Here is a list of action and filter hooks provided by the plugin: From e08cbdb3fd278a31aa8445a7b65dc00274229fcb Mon Sep 17 00:00:00 2001 From: Ian Dunn Date: Mon, 17 Oct 2022 10:13:29 -0700 Subject: [PATCH 2/2] make .org readme consistent with github - fixup into original commit --- readme.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index 63330cd6..9c1235d4 100644 --- a/readme.txt +++ b/readme.txt @@ -20,8 +20,6 @@ Use the "Two-Factor Options" section under "Users" → "Your Profile" to enable For more history, see [this post](https://georgestephanis.wordpress.com/2013/08/14/two-cents-on-two-factor/). -Please report any potential security issues to the [WordPress HackerOne](https://hackerone.com/wordpress) program. - = Actions & Filters = Here is a list of action and filter hooks provided by the plugin: @@ -39,7 +37,9 @@ Here is a list of action and filter hooks provided by the plugin: == Get Involved == -Development happens [on GitHub](https://github.com/wordpress/two-factor/). +Please [report (non-security) issues](https://github.com/WordPress/two-factor/issues) and [open pull requests](https://github.com/WordPress/two-factor/pulls) on GitHub. + +Please report any potential security issues to the [WordPress HackerOne](https://hackerone.com/wordpress) program. == Changelog ==
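Review bot: the product name in the new `.github/SECURITY.md` reads "Two Factor team" while the `readme.txt` context in this same series spells it "Two-Factor"; pick one spelling. The file also only links to HackerOne and never says what reporters should avoid; since the `readme.md` hunk in the same patch already labels GitHub issues as "(non-security)", one matching sentence here, e.g. "Please do not report security vulnerabilities through public GitHub issues", would make the routing explicit for people who land on the policy page first.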
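Review bot: the sentence added to the `## Contribute` section of `readme.md` says "security/privacy vulnerabilities", but the `## Security` section it points to with "See below" (and the new `SECURITY.md`) mention only "security issues". Use the same phrase in both places so someone with a privacy report knows it is also routed to HackerOne, or drop "/privacy" here.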
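Review bot: the `## Security` hunk at the end of `readme.md` is the third copy of the same reporting instruction in this patch (`.github/SECURITY.md`, `readme.md`, `readme.txt`), each worded slightly differently ("privately report" here, "report" elsewhere), and the second patch in the series already shows the copies drifting. Consider having `readme.md` link to `.github/SECURITY.md`, or keep the sentence identical in all three, so a future policy change (e.g. a different reporting channel) only has to be made once.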
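Review bot: in patch 1 the `readme.txt` sentence lands directly after the history link in the plugin description, where a reader looking for reporting instructions will not find it; patch 2 moves it under `== Get Involved ==`, which is the right place. As the second commit message itself says ("fixup into original commit"), the two should be squashed before merge so the history does not contain a commit that adds the line and another that removes it.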
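Review bot: in the `== Get Involved ==` hunk of patch 2, the removed line `Development happens [on GitHub](https://github.com/wordpress/two-factor/)` was the only link to the repository root; the replacement links to the issues and pull-request pages but not to the repository itself. Suggest keeping a repository link alongside the two new sentences, e.g. `Development happens [on GitHub](https://github.com/WordPress/two-factor/).` as the first line of the section, so the section still tells readers where the code lives.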