Mod Vulnerability Guidelines
Protocols followed when a security vulnerability is found in a modification.

If you discover a potential security vulnerability in a modification, the following protocol should be followed:

  1. Do not post about the potential vulnerability in public.
  2. All reports of potential security vulnerabilities should be made in PRIVATE. The preferred method to report a vulnerability is by using the Report Post feature. The alternative is to notify a staff member in PM.
  3. When reporting a vulnerability, please include as many details as possible.

The following steps are taken when we are notified of a possible security vulnerability:

  1. A staff member will verify the report.
  2. The modification will be removed from public view to prevent more members from installing a vulnerable modification.
  3. The author of the modification will be notified in PM.
  4. A private thread will be created where the author can discuss the vulnerability and solutions with staff.
  5. Once the vulnerability is fixed and verified, staff will restore the updated modification thread back into public view.
  6. If the author cannot be contacted to provide a solution, another coder may be aware of the issue and provide a fix. This fix will also be verified by staff.
  7. If no one else provides a solution, then in certain exceptional circumstances, a member of vB.org staff may provide a fix.

Member notifications:

  1. Staff will send out an e-mail notification to members who have downloaded or marked the modification as installed, warning them of the issue.
  2. Staff will also send out an e-mail notification to the same members when the modification has been fixed and returned to the release forums.
