Branch is a rapidly growing and security-driven company. We believe in delivering the product with the least risk and threat associated with each public-facing Branch's resources/services.
If you are interested in finding technical application and workflow issues that can be exploited, we appreciate your help. We recommend submitting such issues as soon as possible.
Our team will investigate the security reports and resolve the issue within a reasonable time frame. We offer a monetary bounty for legitimate security reports based on their severity, complexity, and impact via the BugCrowd platform as a token of appreciation.
The expectation is to respect all the terms and conditions of the Branch's Bug Bounty Program. Non-adherence or non-compliance will lead to disqualification. A serious breach may also lead to suspension of the account and existing access controls.
In addition to these Terms and Conditions (the “Agreement”) regarding the Branch Responsible Disclosure Program (the “Program”), there may be additional restrictions depending upon applicable local laws.
BRANCH RESERVES THE RIGHT TO MODIFY OR CANCEL THE BRANCH RESPONSIBLE DISCLOSURE PROGRAM AT ANY TIME WITHOUT NOTICE. ALL PARTICIPANTS AND SUBMISSIONS ARE STRICTLY VOLUNTARY. THIS OFFER IS VOID WHERE PROHIBITED BY LAW AND IN PARTICIPATING, YOU MUST NOT VIOLATE ANY LAW. YOU ALSO MUST NOT DISRUPT ANY SERVICE OR COMPROMISE ANYONE’S DATA.
Branch Responsible Disclosure program powered by BugCrowd. Kudos per vulnerability