Responsible Disclosure

Xaptum takes security very seriously and investigates all reported vulnerabilities. This page describes our practices for addressing potential vulnerabilities in all aspects of our products.

Reporting Suspected Vulnerabilities

Please email [email protected] to report any security vulnerabilities. We strongly encourage that you encrypt the disclosure emails. Our public key is available on this page below, from the PGP key server, or by emailing us directly.

So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understanding the nature and severity of the vulnerability. The information you share with Xaptum as part of this process is kept confidential within Xaptum. It will not be shared with third parties without your permission.

We will acknowledge receipt of your vulnerability report by the next business day and assign it a tracking number. We will notify you after the vulnerability has been fixed. If you are curious about the status of your disclosure earlier, please feel free to email us again.

We do not provide monetary compensation for reporting vulnerabilities at this time. If desired we will publicly acknowledge your responsible disclosure after we have fixed the vulnerability and notified all affected parties. When possible, we prefer that our respective public disclosures be posted simultaneously.

Penetration Testing

Prior, written permission is required to conduct red teaming or other penetration testing against Xaptum products. You can apply by emailing [email protected] with details about your plans and experience. The Director of Security and VP of Engineering will review your plans. You will receive a response approving, denying, or requesting changes to your plans within seven business days.

PGP Public Key

Xaptum Security Contact <[email protected]>
ID: 59C291F7A57A284F
Fingerprint: 58B856E4E45D9BBB628CC65F59C291F7A57A284F


-----PGP PUBLIC KEY BLOCK-----
mQINBF0JBAUBEACmOG6DbzJGHEsdkQKefHPHGxJp6shZGIZhUX4kvS719j6FTrhn
vPjyhZ5weYRYEcx2ZO64rR8NbxBBIaK3tgrVQw9anq/8Hr4H4dZ2Ko2X8UoVx4jy
KXW2VaebNicoF0b4W27qXDgU+/sTFynTIsM/WBb1LSy5U3XyoszhJC6tnnqJKIO8
AfTv6iQa2KxumoYoZvsnvX/i0gpoUnZtEYTvjY3OZ2N101OjYSKlG/3wguTc+5rz
e9do43TO6FsekepijSR7RUfDevO0/xF/HqOhead1+vzD2cxxO0SAaGDZ2nZX6WzK
f0dgEHX8ZG93JXQgddTiK//GnUMAK64+DNuNk5++QfG2tCEh4v451pPavQi5eN04
a3Tdwk36WiTzZvs6J/04v2+f35j7kNM/33nfPhf2dReLoYo8XCfJ925atm/I7u2f
npD2ofbu54ENSbi1cG5EpYCtBW3hkPLLY3Hf9uYWDgJfLo9WZfVpM9N681Y+X21w
SD9XmYNf3I9eSbj2WcLSWDKXr4hSSuTV83zj0Ezi6mFmBwELZrANMzfmANS0VcTa
qzZ4CbCOk0RcE+HW6tJqhyvIUA5eZTlp34Z3CfFrjomgat5Ok7LD3jitrvdTAY/7
gUhvTy+sC+hWl54eeAzEqu/P9v/9iAWLraHWsa2T9LvmDTjmsBIwpjS8GQARAQAB
tC1YYXB0dW0gU2VjdXJpdHkgQ29udGFjdCA8c2VjdXJpdHlAeGFwdHVtLmNvbT6J
Ak4EEwEKADgWIQRYuFbk5F2bu2KMxl9ZwpH3pXooTwUCXQkEBQIbAwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRBZwpH3pXooTycvD/9Cjy9e05OFfYCoaMKFnCTb
QBF9YKiHGAuxQ7JAc40LJFVH7kIe8bydqEWNLanyN1lxA8lJyX08dr46Vv0LDtmo
N/SilJ6Fe/tkKL4giz0fdklfRyW6560U3fxA0H4ihtwZSF0O9tuDAKnZj7DkVqOi
B8A3UE/+2MLdR1T/S6fYauFurks78p3xvJIGBqjDOyhzcZ2L/rmSUKv0VQ5Zw6gX
PPVrqtq4lthUu8H2JVqsV/TC0dfAfStTgJhsIqvxsFhTExzBGsKo2JKjvCAijC8R
pz37WGhf5R2hx2ojiIYCs6iviMtnNWdpyhxX7olM/2hmSPZaIdGuvCQUShygyZ3u
gCiz71HCzI8zy0RG2i5bg4jr7ePLYalaySlntpxV9mFBmYMpCaq3D0W7Afi0GZAg
ABgxT9JLxbUlyY5TIKz8rWeGu1rztwUXxMJ4lEypNjsyCJfsynjYMKYO1ypo5ryh
Hd18VptGrauF3PJ1br7eM+x2+h9YCAUi/krVU8Yaeo76l4AHM0p4xYZXIKuKLEOU
yAGhqNEVhSJP8P7WJf3N6xhqOXTayb0/GKsYlV3E4welJ0sgrb08+IwD3XbUSFnP
3Vibjw2FsUwHb43eUqD45D2vwrwkwMAYw893GGUtA0UVl4TSnqwRTcInml+mF9He
iZl4qoWISy0bIVxisScnW7kCDQRdCQxSARAAvgH547t4G1vr9a7TLNpM5GynFlwR
ptGAU/z02EEV5cI4Xht1pRxw4zB5aFRI0hHtAEDZ9rj0hk4OPy9pCCnxOBk4p97a
EzTYdapLmlGJwjLlhykVsnEI4yjlJfsgXHWq8tdfznqHoxoF2PL/mynpTQ11kBn4
8iP5oUMZ7U+5T1UuNmoCE8RCSIIhQFcrpQGpIm/BaOouHRK4MSF+PbVPZ9OqrVEa
V43Y1wbhaaXH3Lqx7X39chwu4SMNM+l4oTVE3JKjsZliEa4JqjzSmiZ9Xl9YxCGj
bSyF78YcSWy1oR38KEVrxB8vJslIezR3YWmrZw6o+rFrs6rLleMobZaHGgmRtuFh
odqvZ1xcxzjMj6y4LnvMjHUdfMpQ+Joybd4tA1q0GdUJa2jkQg58nTipMWLCnJ9x
aZhT7kEs+R5xEV9vZMlCOur8JGKKYDFh0rnqs3vPqJZCbJZkFybvmEeZy1nSe43r
Kz/hn8idcb7FVVXiexUICoQ7cYywLq+00XoNUcjqMpVpvUHu0RISWIyFO8spGjjd
iGQVT9HEGnnc4tNGziYt71+u1egtFfQC8Gkhl6bFEXMg/oKOYn2VHi7wIhuXdFIm
Hu88WBWPWKHwmUk9K91ha/MnvLPQVIg/RS0TGYcO03+la5ChZ1wE0tCG+Z6fezuy
MdBXfZEAdp9P/KMAEQEAAYkCPAQYAQoAJhYhBFi4VuTkXZu7YozGX1nCkfeleihP
BQJdCQxSAhsMBQkDwmcAAAoJEFnCkfeleihPDpcP/0lhujZSXYbtP7ScWbsl3ScF
svn/JvdTEc3epNlXced+AyZEXXcKsJa0FePztIEeW/8xvGOmlCOnNNe97igvbm9X
haelDZB6uVf0q9NE/AcrL/eqbVpk9gmhlTwaJPkvL4Yb2dDfK/xesPBP5VvWCEVZ
6txSDSahQd2F+W74t6CFaR2AESuGFqzZFfajLKdrUp31F+H9Z0ax/yoZAk0/U2eo
C6iElQJMzFAMg+OkF3U40+mEWBq7mybFtbahaf5Sq9c5brfVyf93xI7pi2pT4IDf
LRY4EiF7ckY2LhJ6Gs4cgs7xbs0NZR1RAxLwJE2ibQAOHJX/pULsqDZOvus/UkQi
iBc1wxD7gZdQE9f4+tZ9/qR44lBsIDMwgctOHTo6dFzDY2SipDi3EObeRhCqmnMW
wPMkeyGPxJmtdlxv0zwFvGeF2gArDUrdeOP+r0hvdNI8EQW3YNIhXTHFjSzd5kQl
kAmvvWh4yZe501vuKvQQEYyYLy4BuumnJTm/ObD+LH4KrIgaT0RkA9jSCDjn0Pfz
CCzcmkQxmegDSy6qQdaVsjViHVde5hNSVbufSt4/x/6MfRhX3+7HmCuFTKBpmRgx
qjtFzOTEkWR1tMoZLFocOHj9BMqh4fzRif1bG0OXcxj7DySZOkyZpo/4J99N4Eks
L496Fv7JbZo85y9HSytG
=zjfg
-----END PGP PUBLIC KEY BLOCK-----