RT 4.4.1 Documentation

Security

RT Security

Reporting security vulnerabilities in RT

If you believe you've discovered a security issue in RT, please send an email to <security@bestpractical.com> with a detailed description of the issue, and a secure means to respond to you (such as your PGP public key).

More information is available at http://bestpractical.com/security/.

RT's security process

After a security vulnerability is reported to Best Practical and verified, we attempt to resolve it in as timely a fashion as possible. Best Practical support customers will be notified before we disclose the information to the public. All security announcements will be sent to rt-announce@bestpractical.com, which includes rt-users@bestpractical.com and rt-devel@bestpractical.com.

As the tests for security vulnerabilities are often nearly identical to working exploits, sensitive tests will be embargoed for a period of six months before being added to the public RT repository.

Security tips for running RT

← Back to index