Skip to content

Security: moov-io/infra

Security

.github/SECURITY.md

Security

Reporting a bug to Moov

Report security bugs in Moov's open-source code to security@moov.io.

Report security bugs in Moov Financial's code or products via HackerOne.

After submitting a report an acknowledged will be received within 5 days and you can expect a more detailed response after the investigation occurs. Moov may resolve issues prior to notifying the reporter.

Reporting a bug in a third party module

Security bugs in third party modules should be reported to their respective maintainers.

Disclosure policy

Moov Financial will work with the reporter on disclosure after resolutions are enacted, but an embargo will be in place for every report. Moov may take additional time to ensure no customer impact has occurred and systems are secure.

Feedback on this policy

If you have suggestions on how this process can be improved please open a pull request on SECURITY.md or create an issue to discuss.

There aren’t any published security advisories