Skip to content

Security: code-payments/code-android-app

Security

SECURITY.md

Security and Issue Disclosures

In the interest of protecting the security of our users and their funds, we ask that if you discover any security vulnerabilities in the Code SDK, the clients, the packages, the on-chain smart contracts, or the mobile app, you report them using the following proceedure. Our security team will review your report. Your cooperation in maintaining the security of our products is appreciated.

⚠️ DO NOT CREATE A GITHUB ISSUE to report a security problem

Security Policy

  1. Reporting security problems
  2. Security Bug Bounties
  3. Incident Response Process

Reporting security problems in the Code Program Library

Please use this Report a Vulnerability link. Provide a helpful title and detailed description of the problem.

If you haven't done so already, please enable two-factor auth in your GitHub account.

Expect a response as fast as possible in the advisory, typically within 72 hours.

Bounty

Code Inc may offer bounties for critical security issues. Either a demonstration or a valid bug report is all that's necessary to submit a bug bounty. A patch to fix the issue isn't required.

Process

If you do not receive a response in the advisory, send an email to security@getcode.com with the full URL of the advisory you have created. DO NOT include attachments or provide detail sufficient for exploitation regarding the security issue in this email. Only provide such details in the advisory.

If you do not receive a response from security@getcode.com please followup with the team directly.

There aren’t any published security advisories