Vulnerability disclosure

This is aimed more towards someone at Glitch, but if anyone from the community has any answers, I’ll be just as grateful.

What is the procedure for vulnerability disclosure?

1 Like

You can email support@glitch.com with the details of the security vulnerability.

2 Likes

Thanks for asking!

Here’s our policy:
How can I report a security concern?

1 Like

Does Glitch follow the principles of coordinated vulnerability disclosure? It was not mentioned in the FAQ and I certainly don’t want to make any assumptions regarding the policies and practices you folks have at Glitch. Additionally, is there a particular PGP key I should encrypt the message with to restrict who can view the message?

As always, thanks for the help, @tasha.

EDIT: For information regarding coordinated vulnerability disclosure:

4 Likes

@RA80533 Great question! When it comes to Glitch disclosing security vulnerabilities, those are both excellent resources that we are familiar with and would refer to in tandem with our Terms of Service in the event of a security breach that directly affects our users.

When it comes to reporting security vulnerabilities to us, our goal is to provide a simple and easy way for folks to contact us and share their concern. Reports should be sent to us via our Help Center. In most cases, use of encryption is not necessary. However, a reporter is welcome to request communication via encrypted messaging. In that case we would work with the individual to share information via an encryption service that is agreed upon by both parties.

3 Likes