Responsible Disclosure


Xaptum takes security very seriously and investigates all reported vulnerabilities. This page describes our practices for addressing potential vulnerabilities in all aspects of our products. Please email security@xaptum.com to report any security vulnerabilities. We strongly encourage that you encrypt the disclosure emails. Our public key is available on this page below, from the PGP key server, or by emailing us directly.

So that we may more effectively respond to your report, please provide any supporting material (proof-of-concept code, tool output, etc.) that would be useful in helping us understanding the nature and severity of the vulnerability. The information you share with Xaptum as part of this process is kept confidential within Xaptum. It will not be shared with third parties without your permission.

We will acknowledge receipt of your vulnerability report by the next business day and assign it a tracking number. We will notify you after the vulnerability has been fixed. If you are curious about the status of your disclosure earlier, please feel free to email us again.

We do not provide monetary compensation for reporting vulnerabilities at this time. If desired we will publicly acknowledge your responsible disclosure after we have fixed the vulnerability and notified all affected parties. When possible, we prefer that our respective public disclosures be posted simultaneously. Prior, written permission is required to conduct red teaming or other penetration testing against Xaptum products. You can apply by emailing security@xaptum.com with details about your plans and experience. The Director of Security and VP of Engineering will review your plans. You will receive a response approving, denying, or requesting changes to your plans within seven business days.
  • Xaptum Security Contact <security@xaptum.com>
  • ID: 59C291F7A57A284F
  • Fingerprint: 58B856E4E45D9BBB628CC65F59C291F7A57A284F
  • 
    -----PGP PUBLIC KEY BLOCK-----
    mQINBF0JBAUBEACmOG6DbzJGHEsdkQKefHPHGxJp6shZGIZhUX4kvS719j6FTrhn
    vPjyhZ5weYRYEcx2ZO64rR8NbxBBIaK3tgrVQw9anq/8Hr4H4dZ2Ko2X8UoVx4jy
    KXW2VaebNicoF0b4W27qXDgU+/sTFynTIsM/WBb1LSy5U3XyoszhJC6tnnqJKIO8
    AfTv6iQa2KxumoYoZvsnvX/i0gpoUnZtEYTvjY3OZ2N101OjYSKlG/3wguTc+5rz
    e9do43TO6FsekepijSR7RUfDevO0/xF/HqOhead1+vzD2cxxO0SAaGDZ2nZX6WzK
    f0dgEHX8ZG93JXQgddTiK//GnUMAK64+DNuNk5++QfG2tCEh4v451pPavQi5eN04
    a3Tdwk36WiTzZvs6J/04v2+f35j7kNM/33nfPhf2dReLoYo8XCfJ925atm/I7u2f
    npD2ofbu54ENSbi1cG5EpYCtBW3hkPLLY3Hf9uYWDgJfLo9WZfVpM9N681Y+X21w
    SD9XmYNf3I9eSbj2WcLSWDKXr4hSSuTV83zj0Ezi6mFmBwELZrANMzfmANS0VcTa
    qzZ4CbCOk0RcE+HW6tJqhyvIUA5eZTlp34Z3CfFrjomgat5Ok7LD3jitrvdTAY/7
    gUhvTy+sC+hWl54eeAzEqu/P9v/9iAWLraHWsa2T9LvmDTjmsBIwpjS8GQARAQAB
    tC1YYXB0dW0gU2VjdXJpdHkgQ29udGFjdCA8c2VjdXJpdHlAeGFwdHVtLmNvbT6J
    Ak4EEwEKADgWIQRYuFbk5F2bu2KMxl9ZwpH3pXooTwUCXQkEBQIbAwULCQgHAgYV
    CgkICwIEFgIDAQIeAQIXgAAKCRBZwpH3pXooTycvD/9Cjy9e05OFfYCoaMKFnCTb
    QBF9YKiHGAuxQ7JAc40LJFVH7kIe8bydqEWNLanyN1lxA8lJyX08dr46Vv0LDtmo
    N/SilJ6Fe/tkKL4giz0fdklfRyW6560U3fxA0H4ihtwZSF0O9tuDAKnZj7DkVqOi
    B8A3UE/+2MLdR1T/S6fYauFurks78p3xvJIGBqjDOyhzcZ2L/rmSUKv0VQ5Zw6gX
    PPVrqtq4lthUu8H2JVqsV/TC0dfAfStTgJhsIqvxsFhTExzBGsKo2JKjvCAijC8R
    pz37WGhf5R2hx2ojiIYCs6iviMtnNWdpyhxX7olM/2hmSPZaIdGuvCQUShygyZ3u
    gCiz71HCzI8zy0RG2i5bg4jr7ePLYalaySlntpxV9mFBmYMpCaq3D0W7Afi0GZAg
    ABgxT9JLxbUlyY5TIKz8rWeGu1rztwUXxMJ4lEypNjsyCJfsynjYMKYO1ypo5ryh
    Hd18VptGrauF3PJ1br7eM+x2+h9YCAUi/krVU8Yaeo76l4AHM0p4xYZXIKuKLEOU
    yAGhqNEVhSJP8P7WJf3N6xhqOXTayb0/GKsYlV3E4welJ0sgrb08+IwD3XbUSFnP
    3Vibjw2FsUwHb43eUqD45D2vwrwkwMAYw893GGUtA0UVl4TSnqwRTcInml+mF9He
    iZl4qoWISy0bIVxisScnW7kCDQRdCQxSARAAvgH547t4G1vr9a7TLNpM5GynFlwR
    ptGAU/z02EEV5cI4Xht1pRxw4zB5aFRI0hHtAEDZ9rj0hk4OPy9pCCnxOBk4p97a
    EzTYdapLmlGJwjLlhykVsnEI4yjlJfsgXHWq8tdfznqHoxoF2PL/mynpTQ11kBn4
    8iP5oUMZ7U+5T1UuNmoCE8RCSIIhQFcrpQGpIm/BaOouHRK4MSF+PbVPZ9OqrVEa
    V43Y1wbhaaXH3Lqx7X39chwu4SMNM+l4oTVE3JKjsZliEa4JqjzSmiZ9Xl9YxCGj
    bSyF78YcSWy1oR38KEVrxB8vJslIezR3YWmrZw6o+rFrs6rLleMobZaHGgmRtuFh
    odqvZ1xcxzjMj6y4LnvMjHUdfMpQ+Joybd4tA1q0GdUJa2jkQg58nTipMWLCnJ9x
    aZhT7kEs+R5xEV9vZMlCOur8JGKKYDFh0rnqs3vPqJZCbJZkFybvmEeZy1nSe43r
    Kz/hn8idcb7FVVXiexUICoQ7cYywLq+00XoNUcjqMpVpvUHu0RISWIyFO8spGjjd
    iGQVT9HEGnnc4tNGziYt71+u1egtFfQC8Gkhl6bFEXMg/oKOYn2VHi7wIhuXdFIm
    Hu88WBWPWKHwmUk9K91ha/MnvLPQVIg/RS0TGYcO03+la5ChZ1wE0tCG+Z6fezuy
    MdBXfZEAdp9P/KMAEQEAAYkCPAQYAQoAJhYhBFi4VuTkXZu7YozGX1nCkfeleihP
    BQJdCQxSAhsMBQkDwmcAAAoJEFnCkfeleihPDpcP/0lhujZSXYbtP7ScWbsl3ScF
    svn/JvdTEc3epNlXced+AyZEXXcKsJa0FePztIEeW/8xvGOmlCOnNNe97igvbm9X
    haelDZB6uVf0q9NE/AcrL/eqbVpk9gmhlTwaJPkvL4Yb2dDfK/xesPBP5VvWCEVZ
    6txSDSahQd2F+W74t6CFaR2AESuGFqzZFfajLKdrUp31F+H9Z0ax/yoZAk0/U2eo
    C6iElQJMzFAMg+OkF3U40+mEWBq7mybFtbahaf5Sq9c5brfVyf93xI7pi2pT4IDf
    LRY4EiF7ckY2LhJ6Gs4cgs7xbs0NZR1RAxLwJE2ibQAOHJX/pULsqDZOvus/UkQi
    iBc1wxD7gZdQE9f4+tZ9/qR44lBsIDMwgctOHTo6dFzDY2SipDi3EObeRhCqmnMW
    wPMkeyGPxJmtdlxv0zwFvGeF2gArDUrdeOP+r0hvdNI8EQW3YNIhXTHFjSzd5kQl
    kAmvvWh4yZe501vuKvQQEYyYLy4BuumnJTm/ObD+LH4KrIgaT0RkA9jSCDjn0Pfz
    CCzcmkQxmegDSy6qQdaVsjViHVde5hNSVbufSt4/x/6MfRhX3+7HmCuFTKBpmRgx
    qjtFzOTEkWR1tMoZLFocOHj9BMqh4fzRif1bG0OXcxj7DySZOkyZpo/4J99N4Eks
    L496Fv7JbZo85y9HSytG
    =zjfg
    -----END PGP PUBLIC KEY BLOCK-----