How to deal with security bugs on Jira tickets

This page describes the process for handling security issues that should not be shared publicly. Since the Jira boards are open to non-organizational members, it is prudent to obfuscate issues that may pose a risk to user privacy, continued service, or uptime.

 

  1. Share the issue in the Slack channel #security-issues for verification.

  2. Create a LiteFarm-owned Google Doc with a description of the issue, share it with the tech lead for prioritization, and give them share permissions.

  3. Create a Jira ticket with a non-descriptive or low-descriptive title (e.g. [SECURITY] - Medium - Login #1) and link the Google document.

  4. Share the ticket in the Slack channel #security-issues and tag tech-lead/product-lead for prioritization.

 

LiteFarm shared drive folder: https://drive.google.com/drive/folders/1Fat5ZvEaSQ34CPQjyu2fclcoAmgSEH4f?usp=share_link

Template Doc: https://docs.google.com/document/d/1ImxGpQ69aPPMFEuFI1kK9bZs_v5pDC_6i7frKNDF_YM/edit

 

For contributors: Please request assistance for steps 1, 2, and 4.