TBD Open Source Security Policy​

Security is a core principle built into the TBD ecosystem. In open finance, we are in the business of trust.

A secure environment not only protects our assets but also strengthens the relationships we have built throughout our community.

Reporting Security Vulnerabilities​

If you discover or suspect any security vulnerabilities within our open source projects, we encourage you to promptly report them to us via email at security@tbd.email. Your diligence in bringing such issues to our attention is invaluable in maintaining the integrity and security of our software.

Confidentiality and Collaboration​

Please do not open issues for security vulnerabilities in the project's public issue tracker or share in other public channels.

Our security response team consists of engineering leaders, security experts, TBD management, and the Head of Open Source. We will work with you to confirm the vulnerabilitity, remediate, and responsibily communicate recommended actions to the public.

Valid Security Reports​

A valid security report should include:

• Description of the vulnerability
• Steps to reproduce or exploit
• Potential impact

The more context you can provide, the better. This will help us reproduce your use case and potentially validate the vulnerability.

We appreciate you - and your efforts in protecting open finance and the global TBD Community.