Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SECURITY.md file #24

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Security Policy for Nubank Open Source Projects

## Supported Versions

Nubank supports the latest version of each of our open-source projects. Once a new version is released, we stop providing patches for security issues in older versions.

## Reporting Security Issues

Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.
If you discover a vulnerability, please do the following:

1. E-mail your findings to [[email protected]](mailto:[email protected]). If the issue is sensitive, please use [our PGP key](https://nubank.com.br/.well-known/security.txt) to encrypt your communications with us.
2. Do not take advantage of the vulnerability or problem you have discovered.
3. Do not reveal the problem to others until it has been resolved.
4. Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible.
5. You will receive a response from us acknowledging receipt of your vulnerability report.
6. You'll receive regular updates about our progress.
7. Once the issue is resolved, we would like to mention your name in any dispatches about the issue so that we can credit you for your discovery. Please engage in responsible privacy practices when disclosing bugs to us, and we'll handle each report with utmost urgency.

## Preferred Languages

We prefer all communications to be in English.

## Policy Adherence

We greatly value your assistance in discovering and reporting vulnerabilities, and look forward to working with users who wish to help ensure Nubank's open-source projects' safety and security. Thank you for supporting Nubank's mission and helping ensure the highest levels of security for our community!
Loading