Reporting security issues in Raptor products

The security of Raptor Services software is a primary concern and is taken seriously.

For more information on security in Raptor products, see Raptors Compliance page.

No engineering team is perfect though, and if you do discover a security issue in one of our products we are very grateful for your help in reporting it to us privately, and refraining from public disclosure until we have found the solution and distributed it. Thank you!

Channel

Report any security issues by email to [email protected].

Verbosity

Please be verbose when reporting issues. The issue will be solved faster if you include:

  • A title describing the gist of the issue in one sentence
  • A description which includes the steps you take to produce the problem, what you expect the result to be, and what actually happens.
  • Make it clear why you consider it a security issue. If you know, also include its type of security issue (example: SQL injection, CSRF, Role/Policy failure), its nature (example: slowing/stopping a web site, leaking sensitive information, destroying data, privilege escalation), and how easy it is to exploit (example: Does it require editor login?).

Dialogue

The engineering team may need your help to clarify certain specifics, so please respond to such inquiries. We keep you updated about the progress on our end.

Responsible disclosure

Please give the engineering team time to produce and distribute a solution before you disclose the issue on other channels, if you plan to do so. Please discuss the specifics with the team.

Attribution

If you want, we can include your name and/or the name of your organisation, a link, and short description about you in the security notification we send out with the fix. Thank you!