From 5ae4980e1166fe68265f31c670e380b8a16eb723 Mon Sep 17 00:00:00 2001 From: SyntheticBird Date: Sat, 26 Apr 2025 13:15:16 +0000 Subject: [PATCH 1/3] Update VRP point of contacts Removed Luigi and added selsta --- VULNERABILITY_RESPONSE_PROCESS.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md index fd3c8ae..197bf4c 100644 --- a/VULNERABILITY_RESPONSE_PROCESS.md +++ b/VULNERABILITY_RESPONSE_PROCESS.md @@ -24,25 +24,22 @@ ## I. Points of contact for security issues -**Please, CC all points of contact if you decide to use email instead of HackerOne** +**Please, CC all points of contact if you decide to use another method instead of HackerOne** +Available point of contacts: ``` -luigi1111 [at] getmonero.org -PGP fingerprint = 8777 AB8F 778E E894 87A2 F8E7 F4AC A018 3641 E010 - moneromooo on irc.libera.chat PGP fingerprint = 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3 If pasting GPG encrypted data, use paste.debian.net or paste.ubuntu.com as these don't blackball Tor via Cloudflare. OTR: DA3DD149 6DEF8EF1 941FB6BC 4FD8DFCC 7EF36E39 on irc.libera.chat OTR: 6C7966BB 72E42F33 E1A3F137 2133AC39 D343514A on irc.freenode.net - ``` ## II. Security response team -- luigi1111 - moneromooo +- selsta ## III. Incident response From 8dbe957825ecc6a4e2a171bbdc977eb194435cc7 Mon Sep 17 00:00:00 2001 From: SyntheticBird Date: Sat, 26 Apr 2025 13:16:01 +0000 Subject: [PATCH 2/3] fix typo --- VULNERABILITY_RESPONSE_PROCESS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md index 197bf4c..bc43737 100644 --- a/VULNERABILITY_RESPONSE_PROCESS.md +++ b/VULNERABILITY_RESPONSE_PROCESS.md 
@@ -26,7 +26,7 @@ **Please, CC all points of contact if you decide to use another method instead of HackerOne** -Available point of contacts: +Available points of contact: ``` moneromooo on irc.libera.chat PGP fingerprint = 48B0 8161 FBDA DFE3 93AD FC3E 686F 0745 4D6C EFC3 From b2a33ad315f172d4dae79444cdb0dced669ce5a0 Mon Sep 17 00:00:00 2001 From: SyntheticBird Date: Sat, 26 Apr 2025 13:19:09 +0000 Subject: [PATCH 3/3] forgor --- VULNERABILITY_RESPONSE_PROCESS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md index bc43737..a664f35 100644 --- a/VULNERABILITY_RESPONSE_PROCESS.md +++ b/VULNERABILITY_RESPONSE_PROCESS.md @@ -44,7 +44,7 @@ OTR: 6C7966BB 72E42F33 E1A3F137 2133AC39 D343514A on irc.freenode.net ## III. Incident response 1. Researcher submits report via one or both of two methods: - - a. PGP encrypted Email (use the appropriate fingerprints [listed in section I](#i-points-of-contact-for-security-issues) or as included in the Monero repo in `utils/gpg_keys/`) + - a. PGP encrypted pastebin or Email (use the appropriate fingerprints [listed in section I](#i-points-of-contact-for-security-issues) or as included in the Monero repo in `utils/gpg_keys/`) - b. [HackerOne](https://hackerone.com/monero) 2. Response Team designates a Response Manager who is in charge of the particular report based on availability and/or knowledge-set
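Review bot: In the section I hunk of patch 1/3, selsta is added to the section II team list but no contact line or PGP fingerprint for selsta is added to the points-of-contact block, so after this change the block lists only moneromooo while the bold sentence above it still asks reporters to CC all points of contact. Add selsta's handle and fingerprint to the block (the values are not in this patch), or reword the CC sentence and the commit subject to match a single contact. The unchanged `OTR: ... on irc.freenode.net` line also sits under a contact given as irc.libera.chat, so it is worth confirming it is still valid while this block is being edited.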
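Review bot: The one changed line in patch 2/3 (`+Available points of contact:`) only corrects wording that patch 1/3 introduced, so squash it into 1/3 instead of carrying a separate fix-up commit in the series.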
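Review bot: In step 1a of the section III hunk in patch 3/3, the new wording offers "PGP encrypted pastebin or Email", but patch 1/3 removed the only e-mail address visible in the section I block, so the fingerprints this step points to no longer come with an address to mail. Either restore an e-mail contact in section I or drop "Email" here, and state how the paste link should reach the team, for example over the IRC contact using the paste hosts section I already names. The subject "forgor" also does not say what changed; a subject that names the pastebin option in step 1a would make the history searchable.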