Merge pull request #1 from transferwise/feature/security

Add initial version of SECURITY.md
louis-tw · Mar 16, 2020 · 0720fdc · 0720fdc
2 parents 8dc4027 + f4b51ea
commit 0720fdc
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1 +1,21 @@
 # Reporting Security Issues
+
+This document outlines security procedures and general policies for public code repositories
+in the `transferwise/*` organization.
+
+## Reporting a vulnerability
+
+If you have found a security issue in one of our public repositories, we ask you to report it
+through our responsible disclosure program. You can find the full description of the program
+from [transferwise.com/responsible-disclosure](https://transferwise.com/responsible-disclosure).
+
+Your report will be triaged and responded to in Bugcrowd.
+
+### Alternative means of contact
+
+If you prefer to get in touch via e-mail, the contact details of our SOC are available
+from [transferwise.com/security.txt](https://transferwise.com/.well-known/security.txt).
+
+Note that direct reports over e-mail will not reach our managed bug bounty program and
+are not rewardable.
+