TrustSource

Responsible Vulnerability Disclosure

We take security seriously. That is why we have developed TrustSource, and that is why we are keen to provide our users with insights and advice on how best to handle Known Vulnerabilities in our solutions. In general, you may expect us to follow the principles of the CMU Coordinated Vulnerability Disclosure Policy. Below you will find the list of Known Vulnerabilities concerning our solutions, as well as our advice (via VEX).

– In case you have further questions, please feel free to send your questions to vulnerabilities@trustsource.io.

– If you want to learn how to setup such a page, go to our knowledgebase.

– If you want us to provide you such a page as a service, contact sales@eacg.de

– If you believe you have found a vulnerability in our code, please send an e-mail answering as many of the following questions as possible:

  • What type of issue did you discover?
  • Which source files (path) are related to the issue?
  • Which source code (tag/branch/commit) is affected?
  • Is a specific configuration required to reproduce the issue?
  • What needs to be done, to reproduce the issue?
  • Do you, by any chance, have a poc/exploit code?
  • What impact does your discovery have from your point of view?

Please do not hesitate to contact us, even if you cannot answer some of the questions above! We are happy to learn about every potential weakness we overlooked. To keep your discovery private, please encrypt the message using our public key.


Vulnerability Guidance for TrustSource Services

The TrustSource Core SBOM can be retrieved at: (…)

The corresponding VEX is available at: (…)


TrustSource provides a set of scanners for different ecosystems. You may pull the SBOMs as well as the corresponding VEX documents by using the TrustSource APIs together with your API key and the corresponding document key:

  • maven:
  • ant:
  • gradle:
  • grunt:
  • npm:
  • pip:
  • swift:
  • composer:
  • MS world (C, C#, etc.):
  • CMake:

To pull an SBOM for any of the scanners, please use the SBOM API at (…).

To pull the latest VEX on scanners, please use the VEX API at (…).

PLEASE NOTE: you will also find the complete VEX API URL inside each SBOM and vice versa.