At SecurePay, ensuring the safety and security of customer data is paramount. It underpins everything we do, and ensures we maintain the highest security standards across our products and services. We are committed to working with our customers, security researchers, and other third parties to respond to legitimate reported security vulnerabilities. We encourage the community to participate in our responsible reporting process.
If you would like to report a security vulnerability, please send an email to: email@example.com. Please provide your name, contact information, your PGP public key and company name (if applicable) with each report. We will acknowledge receipt of your vulnerability report within 2 days and send you regular updates about our progress. Please refrain from requesting compensation for reporting vulnerabilities.
Download the SecurePay PGP (encryption) Key here.
Responsible Disclosure Guidelines
To encourage responsible reporting, we will not take legal action against you, provided that you comply with the following Responsible Disclosure Guidelines:
- Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC);
- Do not cause service interruption including degradation of service or destruction of data;
- Do not access, modify, delete or share data that does not belong to you;
- Do not use social engineering techniques;
- Give SecurePay a reasonable time to correct the issue before sharing with any other party and/or person(s) or making any information public.
Third-party software security vulnerabilities
If security vulnerabilities reported to us affect a third-party code library, service or vendor, SecurePay reserves the right to forward details of the vulnerability to that party without further approval. We will do our best to coordinate and communicate with researchers through this process. SecurePay reserves the right to accept or reject any vulnerability disclosure coordination role at our discretion.
Any inquiries regarding this policy should be directed to firstname.lastname@example.org.