-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #64 from pemtajo/master
Add SECURITY.md file
- Loading branch information
Showing
1 changed file
with
26 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# Security Policy for Nubank Open Source Projects | ||
|
||
## Supported Versions | ||
|
||
Nubank supports the latest version of each of our open-source projects. Once a new version is released, we stop providing patches for security issues in older versions. | ||
|
||
## Reporting Security Issues | ||
|
||
Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions. | ||
If you discover a vulnerability, please do the following: | ||
|
||
1. E-mail your findings to [[email protected]](mailto:[email protected]). If the issue is sensitive, please use [our PGP key](https://nubank.com.br/.well-known/security.txt) to encrypt your communications with us. | ||
2. Do not take advantage of the vulnerability or problem you have discovered. | ||
3. Do not reveal the problem to others until it has been resolved. | ||
4. Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible. | ||
5. You will receive a response from us acknowledging receipt of your vulnerability report. | ||
6. You'll receive regular updates about our progress. | ||
7. Once the issue is resolved, we would like to mention your name in any dispatches about the issue so that we can credit you for your discovery. Please engage in responsible privacy practices when disclosing bugs to us, and we'll handle each report with utmost urgency. | ||
|
||
## Preferred Languages | ||
|
||
We prefer all communications to be in English. | ||
|
||
## Policy Adherence | ||
|
||
We greatly value your assistance in discovering and reporting vulnerabilities, and look forward to working with users who wish to help ensure Nubank's open-source projects' safety and security. Thank you for supporting Nubank's mission and helping ensure the highest levels of security for our community! |