0 votes

I may have discovered a security vulnerability with the Paratext registry. How do I report it? To whom do I report it?

I tried looking at https://paratext.org/.well-known/security.txt and https://paratext.org/security.txt , but they are empty or return 404 errors.

Paratext by (443 points)

3 Answers

0 votes
Best answer

Hi @dhigby , that was not my intention. I was merely asking about the preferred way of reporting a discovered security vulnerability, if there was one.

Sometimes, security vulnerabilities are debatable, and not all reports are valid. Reports need to be made privately, to prevent disclosing the vulnerability to potential attackers. If the vulnerability is not fixed, responsible disclosure becomes public disclosure, so that users can take measures to protect themselves, if possible. This thread is not a public disclosure of a vulnerability.

by (443 points)
0 votes

Hi there, please report the apparent vulnerability to [Email Removed] and it will be investigated, thank you!

by [Administrator]
(1.0k points)
0 votes

Thank you!

by (443 points)

This post has succeeded in making a number of people nervous about their data :worried:

An update will set their minds at easeā€¦

Related questions

Welcome to Support Bible, where you can ask questions and receive answers from other members of the community.
All the believers were one in heart and mind. No one claimed that any of their possessions was their own, but they shared everything they had.
Acts 4:32
2,627 questions
5,369 answers
5,042 comments
1,420 users