split api.data.gov from data.gov

18F / bug-bounty

OUT OF DATE: Internal documentation for TTS's bug bounty.

https://github.com/18F/tts-tech-portfolio/issues/49

Other

9 stars 5 forks source link

split api.data.gov from data.gov #39

Closed afeld closed 3 years ago

afeld commented 3 years ago

Background Information

Right now, the groups are both under data.gov. Since they are separate FISMA systems with separate teams, probably makes sense to split them apart in HackerOne.

Implementation Steps

[x] Create new group
[x] Move users — just @gbinal and @gui I think
[x] Notify HackerOne — not actually sure how they know which group to route to

Acceptance Criteria

[x] It's possible to triage issues to the api.data.gov team independently of the data.gov team

its-a-lisa-at-work commented 3 years ago

Brought this up at today's meeting and Sitora is going to look into it and get back to us.

its-a-lisa-at-work commented 3 years ago

Sent an email to HackerOne today nudging them on this

its-a-lisa-at-work commented 3 years ago

From H1:

We have a new user group created for api.data.gov, and triage has the following instructions:

For reports on api.data.gov, please assign to the api.data.gov group, as it's a different team than data.gov.

We already had api.data.gov as a separate scope item, and I separated it from the data.gov description in the policy: