[Bug 534506] Make it so that any user can file a vulnerability report
Bugzilla Link | 534506 |
Status | NEW |
Importance | P3 normal |
Reported | May 09, 2018 11:12 EDT |
Modified | Dec 20, 2021 11:29 EDT |
Description
When somebody who is not a committer creates a new bug report for a vulnerability, it would be handy for them to be able to mark it as "committers-only".
As we move more into the runtime space, having this ability will become more critical. Controlling the time of the dissemination of vulnerabilities is important in this space and depending on the Security Team to create all of the bug reports from folks outside of our community isn't a fair expectation.
Having the Security Team create the bug reports often requires a bit of a dance to get the original reporter copied on the record. If that user hasn't already connected to our Bugzilla instance (which seems to be a very common case), when when create the bug, we need them to log in, and then tell us so that we can add them in CC (since they can't access the record to do it themselves). This makes us look goofy.
Can we make that happen?