Expires: 2028-01-10T20:00:00.000Z

At TrustSource we are concerned with the security of your solutions. As our solutions are part of your solution, we also take the security of our solutions very serious. The following segments will help you finding your path across our security support offerings.

For information regarding the security of our solutions, you may

• get an understanding of the service status at our System Status Page
• understand your and our responsibilities by reading the Shared Security Responsibility Model
• follow our RSS feed on vulnerability disclosure at Vulnerability Disclosure Feed
• get the Meta data on our CSAF provider (beta)
• find tool or solution specific security information in the SECURITY.TXT provided in the root of each code repository

PLEASE DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO ANY OF THESE CONTACTS OR PAGES. USE THE INSTRUCTIONS BELOW FOR VULNERABILITY REPORTING TO ALLOW US A COORDINATED VULNERABILITY DISCLOSURE.

We appreciate and credit all security researchers and friends that support our and our clients security. You will find a list of people that successfully identified, reported a vulnerability in our services in our hall of fabulous security researchers. Occasionally we might run a bug bounty. If you are interested to be invited, feel free to reach out using our Security Contacts Form.

Please use the below process to report a vulnerability to us:

• Email to support @ trustsource.io using the subject Security Alert

  • Emails should contain:
    • description of the situation and brief issue
    • precise and detailed steps (include screenshots) that will let us reproduce the issue
    • the affected tool(s) and version(s)
    • if of relevance, your environment or
    • any possible mitigations, if known
    • your contact details, so that we may return with questions and know, whom to credit

• Please encrypt your message for preventing unwanted 3rd party access to your information by using our public PGP key:

  ​ TRUSTSOURCE PUBLIC KEY FOR VULNERABILITY DISCLOSURE

  ​ HOW TO ENCRYPT USING A PRIVATE KEY?

• You will receive a reply from one of our engineers within 1 working day acknowledging receipt of the email.

• You may be contacted by one of our engineers to further discuss the reported item. Please bear with us as we seek to understand the breadth and scope of thereported problem, recreate it, and confirm if there is a vulnerability present.

1. Please visit https://www.trustsource.io/contact-security
   • You will receive a confirmation email upon submission
2. You may be contacted by one of our engineers to further discuss the reported item within 1 working day. Please bear with us as we seek to understand the breadthand scope of the reported problem, recreate it, and confirm if there is a vulnerability present.

We will process the information as fast as possible. However, depending on clarity of documentation, impact and mitigation options this may take a while. However, you may assume that we will stick to a 90 days disclosure timeline max.