Bug Reports Marked As A Security Vulnerability Misleads As A Public Topic

Reproduction Steps

1. Create a new bug report using the bug report wizard
2. Select “Yes” for “select whether your bug report represents an exploit or security vulnerability”
3. Continue to the last page (page 4) of bug report wizard

Expected Behavior

Header text should say “Private Message” with a brief description of it being a secure message between Roblox and the user.

Actual Behavior

The final submission area of a bug report says it is a public message regardless of it being marked as a security vulnerability. The result is misleading and inaccurate. The image below depicts the current message that appears on the last page of the bug report wizard when making a private report regarding a security vulnerability.

Issue Area: Roblox Website
Page URL: devforum.roblox.com/w/bug-report/steps/step_4
Impact: Low
Frequency: Constantly
Date First Experienced: 2022-10-07 00:10:00 (-04:00)
Date Last Experienced: 2022-10-07 00:10:00 (-04:00)

Noted, thanks for reporting this.

@Bobytoeburrito We have completely taken this functionality out of the bug report wizard on the forum and now direct to our Hackerone program page instead for security vulnerabilities. There is no mention or field related to security vulnerabilities anymore in the bug report wizard.

This should resolve your concern. Thanks for reporting this.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.