The Security team suggested we follow suit with a recent initiative by Metamask to add the https://securitytxt.org/ .well-known file to the website. The intention is to point outside contributors to our bug bounty.
Note to whoever works on this issue: We discussed this in ticket processing, and we've decided we should just create the security.txt file rather than a full page for it.
Issue
The Security team suggested we follow suit with a recent initiative by Metamask to add the https://securitytxt.org/ .well-known file to the website. The intention is to point outside contributors to our bug bounty.
Steps to Reproduce
I should be able to navigate to: https://trufflesuite.com/.well-known/security.txt
Expected Behavior
I should see a link to https://hackerone.com/consensys for bug bounty submissions.
This could instead direct to a full page if we feel that it's worth it. For context, here is the staging version of metamask.io’s new bounty page: https://metamask.consensys.net/security/)
Environment
truffle version
):node --version
):npm --version
):