Skip to content

Security: cognitect/transit-tour

Security

SECURITY.md

Security Policy for Nubank Open Source Projects

Supported Versions

Nubank supports the latest version of each of our open-source projects. Once a new version is released, we stop providing patches for security issues in older versions.

Reporting Security Issues

Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions. If you discover a vulnerability, please do the following:

  1. E-mail your findings to security@nubank.com.br. If the issue is sensitive, please use our PGP key to encrypt your communications with us.
  2. Do not take advantage of the vulnerability or problem you have discovered.
  3. Do not reveal the problem to others until it has been resolved.
  4. Provide sufficient information to reproduce the problem so we can resolve it as quickly as possible.
  5. You will receive a response from us acknowledging receipt of your vulnerability report.
  6. You'll receive regular updates about our progress.
  7. Once the issue is resolved, we would like to mention your name in any dispatches about the issue so that we can credit you for your discovery. Please engage in responsible privacy practices when disclosing bugs to us, and we'll handle each report with utmost urgency.

Preferred Languages

We prefer all communications to be in English.

Policy Adherence

We greatly value your assistance in discovering and reporting vulnerabilities, and look forward to working with users who wish to help ensure Nubank's open-source projects' safety and security. Thank you for supporting Nubank's mission and helping ensure the highest levels of security for our community!

There aren’t any published security advisories