0 votes

I may have discovered a security vulnerability with the Paratext registry. How do I report it? To whom do I report it?

I tried looking at https://paratext.org/.well-known/security.txt and https://paratext.org/security.txt , but they are empty or return 404 errors.

Paratext by (443 points)

3 Answers

0 votes
Best answer

Hi @dhigby , that was not my intention. I was merely asking about the preferred way of reporting a discovered security vulnerability, if there was one.

Sometimes, security vulnerabilities are debatable, and not all reports are valid. Reports need to be made privately, to prevent disclosing the vulnerability to potential attackers. If the vulnerability is not fixed, responsible disclosure becomes public disclosure, so that users can take measures to protect themselves, if possible. This thread is not a public disclosure of a vulnerability.

by (443 points)
0 votes

Hi there, please report the apparent vulnerability to [Email Removed] and it will be investigated, thank you!

by [Administrator]
(1.0k points)
0 votes

Thank you!

by (443 points)

This post has succeeded in making a number of people nervous about their data :worried:

An update will set their minds at easeā€¦

Related questions

Welcome to Support Bible, where you can ask questions and receive answers from other members of the community.
But if we walk in the light, as he is in the light, we have fellowship with one another, and the blood of Jesus, his Son, purifies us from all sin.
1 John 1:7
2,648 questions
5,396 answers
5,069 comments
1,443 users