WE TAKE SECURITY SERIOUSLY!

Security is our top priority and we proactively look for ways to improve the security of our products. Our security program is transparent so you can be confident when using our products for mission-critical projects.

Report a Vulnerability

We welcome all contributions from our user community, developers, and security researchers to reinforce our product security. You could even be recognized in our security hall of fame for disclosing vulnerabilities responsibly!

We strongly encourage you to report security vulnerabilities to our private and highly confidential security mailing list: security@wso2.com first, before disclosing them in any forums, sites or other groups - public or private.

If you wish to send secure messages to security@wso2.com, you may use the following key: security@wso2.com: F0AB 72EC D77A 6162 4C48 A245 0CF3 FD36 E100 FF07 pgp.mit.edu

Read more on how to report a vulnerability
Security Patches

Security Patches

View and download a comprehensive list of security patches for WSO2 products.

GET PATCHES
Security Advisories

Security Advisories

View security advisories for WSO2 products.

VIEW ADVISORIES
Security Hall of Fame

Security Acknowledgements

View a list of security researchers that reported security vulnerabilities in WSO2 products.

View Acknowledgements

Security Processes & Programs

Read about our security processes and programs to understand how we manage various aspects of security in our products.

Secure Software Development Process

How WSO2 enforces security practices at each phase of the Software Development Life Cycle.

Read about the Process

Vulnerability and Incident Management Process

How WSO2 manages security issues that are identified internally as well as reported by our customers and external researchers.

Read about the Process

Security Reward and Acknowledgement Program

How WSO2 shows appreciation for responsibly disclosing vulnerabilities of its products.

Read about the Program


Security Guidelines

Read our guidelines to understand how to enforce security-first development and deployment practices.

Security Guidelines for Production Deployments

How to enhance the security of WSO2 products in your production deployment.

Read the Guideline

Secure Engineering Guidelines

Security best practices and processes followed in the SDLC of WSO2 products and services.

Read the Guideline

This website uses cookies so that we can provide you with the best user experience. Read our Cookie Policy to find out more.

If you wish to disable cookies you can do so from your browser.

I Understand