Skip to content

Commit d9567ba

Browse files
committed
Add SECURITY.md
1 parent 94d1852 commit d9567ba

1 file changed

Lines changed: 41 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
# Security Policy
2+
3+
This repository adheres to the [PayPal Vulnerability Reporting Policy](https://hackerone.com/paypal).
4+
5+
## Reporting a Vulnerability
6+
7+
If you think you have found a vulnerability in this repository, please report it to us through coordinated disclosure.
8+
9+
**Please do not report security vulnerabilities through public issues, discussions, or pull requests.**
10+
11+
Instead, report it using one of the following ways:
12+
13+
* Email the PayPal Security Team at [security@paypal.com](mailto:security@paypal.com)
14+
* Submit through the [PayPal Bug Bounty Program](https://hackerone.com/paypal) on HackerOne
15+
* Report a [vulnerability](https://github.com/braintree/wrap-promise/security/advisories/new) directly via private vulnerability reporting on GitHub
16+
17+
Please include the following in your report:
18+
19+
* The type of issue and affected version(s)
20+
* Step-by-step instructions to reproduce the issue
21+
* Impact of the issue and how an attacker might exploit it
22+
23+
## Supported Security Updates
24+
25+
Only the latest release receives security patches and new versions in the case of a security issue.
26+
27+
## Disclosure Policy
28+
29+
We are committed to working with security researchers in good faith. To support responsible disclosure, our team will:
30+
31+
- Acknowledge your report in a timely manner
32+
- Keep you informed of our progress toward a fix
33+
- Notify you before any public disclosure
34+
35+
We ask that you:
36+
37+
- Do not publicly disclose the issue before it has been resolved
38+
- Avoid accessing, modifying, or deleting data that does not belong to you
39+
- Make a good faith effort to avoid disruption to production systems
40+
41+
We appreciate responsible disclosure and your efforts to keep Braintree SDK users safe.

0 commit comments

Comments
 (0)