Add section about reporting phishing emails (#13152)

* Add section about reporting phishing emails

* Update security report info for consistency

* Remove duplicate info
This commit is contained in:
Tom Piccirello
2025-10-09 15:24:43 -07:00
committed by GitHub
parent 3a6f6331c3
commit 5a53c0313c
3 changed files with 6 additions and 13 deletions

View File

@@ -2,6 +2,6 @@
## Reporting a Vulnerability
Please report security vulnerabilities to security@posthog.com.
Security vulnerabilities and other security related findings can be reported via our [vulnerability disclosure program](https://bugcrowd.com/engagements/posthog-vdp-pro) or by emailing [security-reports@posthog.com](mailto:security-reports@posthog.com).
We currently do not operate a bug bounty program, but we will generously reward you with merch for any actionable security vulnerabilities found.
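Review bot: the replacement line drops security@posthog.com entirely in favour of security-reports@posthog.com and the Bugcrowd VDP link, but nothing in this file or the commit message says whether the old mailbox still forwards; reports already in flight from readers of the previous SECURITY.md will land on an address the document no longer mentions, so either keep a one-line note that security@posthog.com remains monitored or state in the commit message that it has been retired. Minor: "security related findings" should read "security-related findings". The retained merch/no-bug-bounty sentence still fits, since a vulnerability disclosure program is not a bounty program.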

View File

@@ -22,7 +22,7 @@ For more information about our security practices, see our [main security page](
## Reporting security issues
If you discover a security vulnerability in PostHog products or services, please report it to us at **[security@posthog.com](mailto:security@posthog.com)**. Valid findings will be rewarded with PostHog swag.
Security vulnerabilities and other security related findings can be reported via our [vulnerability disclosure program](https://bugcrowd.com/engagements/posthog-vdp-pro) or by emailing [security-reports@posthog.com](mailto:security-reports@posthog.com). Valid findings will be rewarded with PostHog swag.
## Updating this page
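Review bot: the new sentence loses the scope statement the removed line carried ("a security vulnerability in PostHog products or services"), so the handbook page no longer says what the VDP and the security-reports@ mailbox cover; suggest keeping it, e.g. "If you discover a security vulnerability in PostHog products or services, report it via our [vulnerability disclosure program](https://bugcrowd.com/engagements/posthog-vdp-pro) or by emailing [security-reports@posthog.com](mailto:security-reports@posthog.com)." The reward sentence now matches the merch wording in SECURITY.md, which is the consistency the commit message aims for.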

View File

@@ -80,17 +80,10 @@ Security vulnerabilities and other security related findings can be reported via
For information about current and past security advisories and CVEs, see our [advisories & CVEs page](/handbook/company/security-advisories).
## Secure communication (aka preventing or detecting social engineering)
## Reporting phishing
We have a few policies in place to prevent social engineering attacks.
If you receive a phishing or malicious email, it's useful to report it to the security team so that they can make other employees aware. Forward these emails to [security-internal@posthog.com](mailto:security-internal@posthog.com).
For our internal communications, we have the following policies:
- We do not use email for critical communications.
- We do not use SMS for critical communications.
- We do not use phone for critical communications.
## Secure communication (aka preventing social engineering)
-> We only use Slack for critical communications
In case you should receive a suspicious email or other form of communication, please do not click on any links or open any attachments. Instead, please contact the team or person directly via Slack. E.g. if someone claims to be James, send them a message on Slack and ask "James, am I in a call with you right now?". This is a great and easy way to verify if this is legit. The same goes for any other form of communication.
Please report any suspicious communications to `#project-security` on Slack.
We follow several best practices to combat social engineering attacks. See [Communication Methods](/handbook/company/communication#communication-methods) for more information.
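Review bot: this hunk introduces a third mailbox, security-internal@posthog.com, in the same commit whose other two files consolidate on security-reports@posthog.com; if the split between external vulnerability reports and internal phishing reports is intentional, say so in the sentence (for example "for reports from PostHog team members") so readers do not pick the wrong address. Two further points on the new "Reporting phishing" section: asking people to "Forward these emails" will in most mail clients strip the original headers (Received, Authentication-Results, DKIM-Signature) that the security team needs to trace and block the sender, so ask for the message to be forwarded as an attachment instead; and the removed lines carried the concrete do-not-click-links-or-open-attachments and verify-via-Slack guidance plus the `#project-security` reporting path, which the new section replaces with only a link to Communication Methods, so confirm that page actually states those instructions before dropping them here.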