0 votes

I may have discovered a security vulnerability with the Paratext registry. How do I report it? To whom do I report it?

I tried looking at https://paratext.org/.well-known/security.txt and https://paratext.org/security.txt , but they are empty or return 404 errors.

Paratext by (443 points)

3 Answers

0 votes
Best answer

Hi @dhigby , that was not my intention. I was merely asking about the preferred way of reporting a discovered security vulnerability, if there was one.

Sometimes, security vulnerabilities are debatable, and not all reports are valid. Reports need to be made privately, to prevent disclosing the vulnerability to potential attackers. If the vulnerability is not fixed, responsible disclosure becomes public disclosure, so that users can take measures to protect themselves, if possible. This thread is not a public disclosure of a vulnerability.

by (443 points)
0 votes

Hi there, please report the apparent vulnerability to [Email Removed] and it will be investigated, thank you!

by [Administrator]
(1.0k points)
0 votes

Thank you!

by (443 points)

This post has succeeded in making a number of people nervous about their data :worried:

An update will set their minds at ease…

Related questions

Welcome to Support Bible, where you can ask questions and receive answers from other members of the community.
They devoted themselves to the apostles’ teaching and to fellowship, to the breaking of bread and to prayer.
Acts 2:42
2,627 questions
5,369 answers
5,042 comments
1,420 users