This policy outlines the procedures for reporting and addressing security vulnerabilities related to Coda Payments. Security researchers who interact with Coda Payments’ products and services are encouraged to report any potential or identified vulnerabilities in our system by sending us an email following the template given below.
1. Responsible Disclosure
We appreciate your effort in securing our systems. If you believe you have discovered a security vulnerability in our systems, you are strongly encouraged to adhere to the following steps:
2. Reporting Vulnerabilities
Please report ONE security vulnerability per email. To report a security vulnerability, please get in touch with us by sending an email to email@example.com using the template below:
Subject: Security Vulnerability Report
TITLE: <Vulnerability Title>
TYPE: <Vulnerability Type>
ENDPOINTS: <Affected Endpoint(s) (separated by commas for multiple endpoints)>
Attachment: *PDF Report File* (Report Template)
Please refer to the attached sample report file above and provide a detailed description of the vulnerability, including, but not limited to, screenshots, video, PoC code, or logs. Once completed, please attach your report in PDF format and send it to us.
3. Vulnerability Validation Process
After receiving the vulnerability report, we will follow a series of steps to validate the reported vulnerability:
4. a) In scope
The below list of URLs is in scope for the bug bounty program:
6. Legal Considerations
We appreciate your efforts to disclose vulnerabilities to us responsibly. By submitting the report to us, you agree to be bound by the following terms and conditions:
7. Bounty Rewards
We offer rewards to security researchers who responsibly disclose vulnerabilities that exist in in-scope systems and can demonstrate that the vulnerabilities are exploitable. The value is determined based on severity as follows:
All information in this policy is subject to change without notice. Please review this policy periodically for any updates.