Securing our data is a top priority and we work hard to ensure our systems are protected against the latest threats. Any and all feedback or concerns are always welcome and wanted.
Send urgent or sensitive reports directly to firstname.lastname@example.org. Use our public key to keep your message safe and please provide us with a secure way to respond. We'll get back to you as soon as we can, usually within 24 hours. Please follow up or ping us on Twitter.
Have you discovered a web security flaw that might impact our products? Please let us know. If you submit a report, here's what will happen: We’ll acknowledge your report & tell you the best way to track the status of your issue.
We'll investigate the issue and determine how it impacts our products. We won’t disclose issues until our investigation is finished, but we’ll work with you to ensure we fully understand the issue.
Once the issue is resolved, we'll post a security update along with thanks and credit for the discovery.
Our products are built using many open source components. The issue you reported might affect any one of these components leveraged in our technology stack. We ask for your patience while we also make sure other companies and their customers are protected and any issues are disclosed responsibly. Either way, you’ll always have a Sonatype contact for your issue.
We respect the time and talent that drives new discoveries in web security technology. The following researchers and companies have gone out of their way to work with us to find, fix, and disclose security flaws safely: