(update bounty handling text) |
(→NEW: update instructions) |
||
Line 35: | Line 35: | ||
# Determine if the issue reported is NEW, INVALID, or DUPLICATE | # Determine if the issue reported is NEW, INVALID, or DUPLICATE | ||
# For '''NEW''' bugs | # For '''NEW''' bugs | ||
## | ## CC the Security POC and Backup on the website [https://docs.google.com/spreadsheets/d/14Gp6TPAibO7UkgJTXSeOIeFNMdfDbrUXQpqRFW3tDbg/edit#gid=0 contact list]. Change status to ASSIGNED. | ||
## Set the right '''[https://bugzilla.mozilla.org/describekeywords.cgi keywords]''' | ## Set the right '''[https://bugzilla.mozilla.org/describekeywords.cgi keywords]''' | ||
### sec-{critical,high,moderate,low,other}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Severity_Ratings severity ratings] | ### sec-{critical,high,moderate,low,other}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Severity_Ratings severity ratings] | ||
### wsec-{authentication,cookie,xss,sqli,...}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Group_Keywords vulnerability types] | ### wsec-{authentication,cookie,xss,sqli,...}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Group_Keywords vulnerability types] | ||
## Edit "Assigned To" and | ### If the but is sec-high or sec-critical, or if you believe the issue warrants it, cc the Site Owner and Business Owner to the bug and NEEDINFO flag them to alert them to the bug. | ||
## Edit "Assigned To" and assign the bug to the Security POC. | |||
# If the verification shows that the issue is invalid, close the bug as '''INVALID''' | # If the verification shows that the issue is invalid, close the bug as '''INVALID''' | ||
# For '''DUPLICATE''' bugs, set dupe against old bug. Set keywords & whiteboard for the new duped bug | # For '''DUPLICATE''' bugs, set dupe against old bug. Set keywords & whiteboard for the new duped bug |
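Review bot: The added sec-high/sec-critical step has a typo, "If the but is" should read "If the bug is". It is also nested at the ### level under "Set the right keywords", although it describes a CC and NEEDINFO action rather than a keyword, so it would read better as its own ## step. Separately, the new CC step ends with "Change status to ASSIGNED" while the assignment to the Security POC only happens in the later "Edit "Assigned To"" step; consider putting the assignment first or merging the two so the status change and the assignee are set together.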