Responsible Disclosure

STRATIS cares very deeply about maintaining the trust that our customers and users place in us. Therefore, we take the security of our products very seriously. If you are a security researcher and have discovered a vulnerability in our web site or products, we appreciate your help in disclosing this to us in accordance with this Responsible Disclosure Policy.


Responsible Disclosure helps increase security for affected organizations and the community as a whole. Please follow the guidelines below:

  • Don’t disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed
  • Do not utilize an exploit to view data without authorization, or compromise the confidentiality of the data
  • Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed
  • Don’t use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact
  • Never attempt non-technical attacks, such as social engineering, phishing or physical attacked against our employees or infrastructure

How to Report an Issue.
If you believe you have discovered a vulnerability in our software, gateways, or websites, please contact Please do not publicly disclose suspected vulnerabilities without prior written consent from STRATIS.

In reporting vulnerabilities, please send details of:

  • Suspected vulnerability
  • Steps to enable us to reproduce the issue
  • Your email address and secure mechanism to contact you
  • Your name (and/or colleagues) if you would like to be recognized on this page, e.g., your twitter handle or website as it should be displayed
  • You can use the PGP public key below to encrypt your email communication to us. Please include a secure contact mechanism for us to contact you

The STRATIS security team commitment:
We ask that you do not share or publicize an unresolved vulnerability with/to third parties. If you responsibly submit a vulnerability report, the STRATIS security team and associated development organizations will use reasonable efforts to:

  • Respond in a timely manner, acknowledging receipt of your vulnerability report
  • Provide an estimated time frame for addressing the vulnerability report
  • Notify you when the vulnerability has been fixed

We are happy to thank every individual researcher who submits a vulnerability report helping us improve our overall security posture at STRATIS.

Response and Recognition.

To acknowledge the first person who alerts us to previously unknown vulnerabilities, we will show our gratitude by placing their name in the Acknowledgements list below. We do not offer a bug bounty program at this time and compensation requests will not be considered in compliance with this Responsible Disclosure Policy.

STRATIS thanks the following individuals and organizations that have identified vulnerabilities in accordance with this Responsible Disclosure Policy:

PGP Key: