Skip to content

Commit 9f28979

Browse files
authored
Add SECURITY.md (#92)
* docs: create SECURITY.md * docs: update SECURITY.md
1 parent 08d37a8 commit 9f28979

1 file changed

Lines changed: 55 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,55 @@
1+
# Security Policy
2+
3+
This repository adheres to the [PayPal Vulnerability Reporting Policy](https://hackerone.com/paypal).
4+
5+
## Reporting a Vulnerability
6+
7+
If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
8+
9+
**Please do not report security vulnerabilities through public issues, discussions, or pull requests.**
10+
11+
Instead, report it using one of the following ways:
12+
13+
* Email the PayPal Security Team at [security@paypal.com](mailto:security@paypal.com)
14+
* Submit through the [PayPal Bug Bounty Program](https://hackerone.com/paypal) on HackerOne
15+
* Report a [vulnerability](https://github.com/braintree/popup-bridge-ios/security/advisories/new) directly via private vulnerability reporting on GitHub
16+
17+
Please include the following in your report:
18+
19+
* The type of issue and affected version(s)
20+
* Step-by-step instructions to reproduce the issue
21+
* Impact of the issue and how an attacker might exploit it
22+
23+
## Supported Security Updates
24+
25+
### Security Issues
26+
27+
Only the latest release series receives patches and new versions in the case of a security issue. See our [deprecation policy](https://developer.paypal.com/braintree/docs/guides/client-sdk/deprecation-policy/ios/v7/) for details.
28+
29+
### Severe Security Issues
30+
31+
For severe security issues, we will provide new versions as above. Additionally, the last major release series may receive patches at our discretion. Severity classification is determined by the Braintree SDK team.
32+
33+
### Platform Support
34+
35+
| Platform | Supported Versions |
36+
| -------- | ------------------------------------------- |
37+
| iOS | Most recent version and 2 previous versions |
38+
39+
For details on supported platform versions, see our [deprecation policy](https://developer.paypal.com/braintree/docs/guides/client-sdk/deprecation-policy/ios/v7/).
40+
41+
## Disclosure Policy
42+
43+
We are committed to working with security researchers in good faith. To support responsible disclosure, our team will:
44+
45+
- Acknowledge your report in a timely manner
46+
- Keep you informed of our progress toward a fix
47+
- Notify you before any public disclosure
48+
49+
We ask that you:
50+
51+
- Do not publicly disclose the issue before it has been resolved
52+
- Avoid accessing, modifying, or deleting data that does not belong to you
53+
- Make a good faith effort to avoid disruption to production systems
54+
55+
We appreciate responsible disclosure and your efforts to keep Braintree SDK users safe.

0 commit comments

Comments
 (0)