Closed Zsailer closed 7 months ago
@Zsailer I noticed that you have mentioned security group email as the route for reporting security reports. Using the group email for reporting bugs from all projects might be chaotic. Should we rather use GitHub's CVE process to document these bugs? There are 2 advantages:
Closing, since the bug bounty program is finished. Thanks all!
At yesterday's meeting, we discussed Jupyter Server's participation in a Security Bug Bounty program offered to Jupyter subprojects sponsored by the European Commission. Read more about it from @jasongrout's thread on the JupyterLab Team Compass page.
We elected to participate in this program, starting as soon as possible. I'll be sending the email today to enlist ourselves.
I (@Zsailer), @3coins, @jess-x, @andrii-i, and (when available) @kevin-bates agreed to help triage any issues that are created by this program.
The following repos will be added to the program: