Bounties: What to do with a high impact Drupal vulnerability?

As a Drupal developer (or, in broader terms, as someone who administers or is responsible for one or more Drupal sites), if you have found a vulnerability, you must assume that someone else may find that vulnerability as well. So the only way to ensure that your own sites are not being exploited is to do one of the following:
A: Fix the vulnerability yourself
B: Report the vulnerability to the Security team
In general, the Security team will have more expertise in this area than you do, so B is really the only sensible thing to do.

As a hacker, though, who does not have any affiliation with Drupal specifically, this incentive does not apply. These are the people we can (and, in my opinion, should) animate to do the right thing with a bounty.
