Reporting Security Issues¶
We appreciate your concern¶
We recognize how important it is to help protect your privacy and security. As a company, not only do we have a vested interest in maintaining the trust you place in us and our products, but also a deep desire to see the Internet remain as safe as possible for us all.
So, needless to say, we take security issues very seriously.
Spotting major security issues¶
If you believe you have discovered a vulnerability in OroPlatform, OroCRM or OroCommerce or have a security incident to report, please contact our dedicated email support firstname.lastname@example.org
If you feel the need, please use our PGP public key to keep your message safe and please provide us with a secure way to respond.
This is our PGP key which is valid until March 08, 2017.
- Key ID: 0x1D8F7D880A764A8E
- Fingerprint: CE2A FEE0 72B9 4E7F F928 0F4B 1D8F 7D88 0A76 4A8E
- Full key: https://keybase.io/orocrm/key.asc or http://pgp.mit.edu/pks/lookup?op=get&search=0x1D8F7D880A764A8E
When properly notified of legitimate issues, we will do our best to acknowledge your emailed report, assign resources to investigate the issue and fix potential problems as quickly as possible.
Responsible disclosure is the industry best practice, and we recommend it as a procedure to anyone researching security vulnerabilities. It allows individuals to notify companies of any security threats before going public with the information. This gives software vendors like us a chance to resolve the problem before the criminally-minded become aware of it.
We will not disclose security issues until our internal investigation is finished, but we will work with you to ensure we fully understand the issue. Once the issue is resolved, we will post a security update along with a thanks and credit for the discovery. We ask for your patience while we make sure all users of our products are protected.