Security/Web Bug Rotation: Difference between revisions

Adding boilerplate comment to add once the bug is fixed
No edit summary
(Adding boilerplate comment to add once the bug is fixed)
 
(6 intermediate revisions by 3 users not shown)
Line 17: Line 17:
! Day !! On-call !! Slack handle
! Day !! On-call !! Slack handle
|-  
|-  
|  Monday || Greg Guthe || gguthe
|  Monday - Friday || Frida Kiriakos || Frida
|-
|  Tuesday || AJ Bahnken || ajvb
|-  
|  Wednesday || AJ Bahnken || ajvb
|-
|  Thursday || Arcadia Rose || arcadia
|-
Friday || April King || April
|}
|}
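Review bot: the "Monday - Friday || Frida Kiriakos || Frida" row lists a single on-call person and Slack handle for the whole week, with no secondary contact in the table. Consider adding a backup name, or a pointer to who covers the rotation during absences, so incoming web bugs still have an owner.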


Line 46: Line 38:


Follow up on a '''NEW''' bug until you get the assurance that it will be fixed, the urgency of which depends on the vulnerability and the target.
Follow up on a '''NEW''' bug until you get the assurance that it will be fixed, the urgency of which depends on the vulnerability and the target.
= Vulnerability Mitigation process =
When the reported vulnerability is mitigated, the engineer that did the work should change the bug status from '''NEW''' to '''FIXED'''. The engineer or bug bounty triager should then add a comment to the bug so the reporter knows what happens next. That comment should be
<blockquote>
Thanks very much for reporting this issue to us. Now that the issue is fixed, the bug bounty team will be reviewing your report over the upcoming weeks to make a determination of what if any award Mozilla will be granting for this report. It may take up to 3 weeks but know that we've not forgotten this ticket, we have a tracking system and a review cadence that will ensure that all potentially bounty eligible reports get reviewed and acted on.
</blockquote>


=Bounty=
=Bounty=
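Review bot: in the new "Vulnerability Mitigation process" section, "The engineer or bug bounty triager should then add a comment" leaves open who posts the reporter-facing comment, so each may assume the other did it. Name one owner, for example the person who sets the bug to '''FIXED'''. Smaller points: "That comment should be" needs a colon before the blockquote, "what if any award" reads better as "what, if any, award", and the heading spacing in "= Vulnerability Mitigation process =" differs from "=Bounty=" directly below it.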