/
How to deal with security bugs on Jira tickets

How to deal with security bugs on Jira tickets

This is the process to describe dealing with security issues that should not be shared publicly. Since the Jira boards are open to non-organizational members it is prudent to obfuscate issues that may pose a risk to user privacy or continued service or uptime.

 

  1. Share with slack channel #security-issues for verification

  2. Create a LiteFarm owned Google Doc with description of the issue – share with tech lead for prioritization and give them share permissions.

  3. Create a Jira ticket with a non or low descriptive title (eg [SECURITY] - Medium - Login #1) and link the google document.

  4. Share ticket with slack channel #security-issues and tag tech-lead/product-lead for prioritization.

 

LiteFarm shared drive folder: https://drive.google.com/drive/folders/1Fat5ZvEaSQ34CPQjyu2fclcoAmgSEH4f?usp=share_link

Template Doc: https://docs.google.com/document/d/1ImxGpQ69aPPMFEuFI1kK9bZs_v5pDC_6i7frKNDF_YM/edit

 

For contributors: Please request assistance for steps 1,2,4.

 

Related content

Pre-integration peer review
Pre-integration peer review
More like this
Source control and the developer's workflow
Source control and the developer's workflow
More like this
A tour of the codebase and technical stack
A tour of the codebase and technical stack
More like this
S88 Retrospective
S88 Retrospective
More like this
S69 Retrospective
S69 Retrospective
More like this
I want to contribute to the LiteFarm codebase !
I want to contribute to the LiteFarm codebase !
More like this