WordPress Is Now on HackerOne, Launches Bug Bounties

WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all of their respective websites.
The WordPress Security team launched its HackerOne profile privately at first and had been inviting reporters to use it when they reported security issues via email. Having the profile public makes it possible for the team to work together on triaging the issues that are submitted....

Read the full content here