Security/Web Bug Rotation: Difference between revisions

Security/Web Bug Rotation (view source)

Revision as of 18:08, 28 April 2016

39 bytes added , 28 April 2016

→‎Template: fixup

Amuntner

297

edits

@@ Line 35: / Line 35: @@
 # Determine if the issue reported is NEW, INVALID, or DUPLICATE
 # For '''NEW''' bugs
-## CC the Security POC and Backup on the website [https://docs.google.com/spreadsheets/d/14Gp6TPAibO7UkgJTXSeOIeFNMdfDbrUXQpqRFW3tDbg/edit#gid=0 contact list].  Change status to ASSIGNED.
+## CC the Security POC and Backup on the website [https://docs.google.com/spreadsheets/d/14Gp6TPAibO7UkgJTXSeOIeFNMdfDbrUXQpqRFW3tDbg/edit#gid=0 contact list].
+##  Change status to ASSIGNED. Edit "Assigned To" and assign the bug to the Security POC.
+## Needinfo flag the Security POC and their backup.
 ## Set the right '''[https://bugzilla.mozilla.org/describekeywords.cgi keywords]'''
 ### sec-{critical,high,moderate,low,other}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Severity_Ratings severity ratings]
 ### wsec-{authentication,cookie,xss,sqli,...}, see [https://wiki.mozilla.org/WebAppSec/Web_App_Severity_Ratings#Group_Keywords vulnerability types]
-### If the but is sec-high or sec-critical, or if you believe the issue warrants it, cc the Site Owner and Business Owner to the bug and NEEDINFO flag them to alert them to the bug.
+### If the bug is rated sec-high or sec-critical, or if you believe the issue warrants it, cc the Site Owner and Business Owner to the bug, cc and needinfo flag them.
-## Edit "Assigned To" and assign the bug to the Security POC.
 # If the verification shows that the issue is invalid, close the bug as '''INVALID'''
 # For '''DUPLICATE''' bugs, set dupe against old bug. Set keywords & whiteboard for the new duped bug