wakatime / jetbrains-wakatime

IntelliJ IDEA, PyCharm, RubyMine, PhpStorm, AppCode, AndroidStudio, Goland, Rider, & WebStorm plugin for quantifying your coding.
https://wakatime.com/intellij-idea
BSD 3-Clause "New" or "Revised" License

Who to contact for security issues #199

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

alanhamlett commented 2 years ago

https://wakatime.com/security.txt

JamieSlome commented 2 years ago

@alanhamlett - we have sent an e-mail to you, but just for reference, you can also view the report here:

https://huntr.dev/bounties/92511e52-6607-4d4d-a15d-606b21197eb5/

It is private and only accessible to maintainers with repository write permissions. Let me know if you have any questions!

alanhamlett commented 2 years ago

That means you didn't even read our security doc. Please don't create spam issues on GitHub.