Square recognizes the important contributions the security research community can make. Part of keeping Square's customers safe is making sure that we find and fix any security issues in our open source projects. If you find any vulnerabilities in any of our participating open source projects, send us a report. Even better, send us a fix!
Note: this program is to report issues in our open source projects. If you believe you have discovered a security vulnerability in one of Square's domains (squareup.com __, square.com __, or cash.me __), please report them athttps://hackerone.com/square.
Please do not open a pull request to fix an issue you're reporting. This would unnecessarily reveal any potential vulnerabilities. Instead, if you'd like to send us a fix, attach a patch file to the issue you open. You'll need to sign our Individual Contributor License Agreement __before any patches can be accepted.
Projects which are hosted at https://github.com/square/
__, which contain
BUG-BOUNTY.md file in the root directory, and only the latest code in the
master branch. Currently, the projects in scope are:
This program have been found on Hackerone on 2015-05-11.