Our commitment to security

We're building products for the security community. That means we our products to be tested by our users, whether we ask them to or not  (and we're fine with that). We ensure that security is baked in as early as possible, through selection of mature development frameworks, through to ensuring security is part of our peer review (pull request) process.

Security vulnerabilities and disclosure policy

Our customers can use the ticketing system to record security issues. For non-customers, please feel free to email us at team@checksec.com.

We treat all serious security issues as Level 1 severities and aim to respond within 1 hour (during normal operating hours).

We are happy to work with you on disclosing security issues publicly. We aim to provide as much transparency as possible to our customers on security issues.

Bug bounty program

Work in progress.

Our publicly disclosed security issues to date

• https://nvd.nist.gov/vuln/detail/CVE-2018-9036