WE TAKE SECURITY SERIOUSLY!
Security is our top priority and we proactively look for ways to improve the security of our products, services, and infrastructure. Our security program is transparent so you can be confident when using our products and services, and infrastructure for mission-critical projects.
Report a Vulnerability
We welcome all contributions from our user community, developers, and security researchers to reinforce our product security. You could even be recognized in our security hall of fame for disclosing vulnerabilities responsibly!
We strongly encourage you to report security vulnerabilities to our private and highly confidential security mailing lists mentioned below, before disclosing them in any forums, sites or other groups - public or private.
| Scope | Email address | GPG key |
|---|---|---|
| Security issues relevant to Choreo | [email protected] |
E244 7A59 F1E0 9369 5CBA 3195 FF67 8AD2 84F9 6B9A Public Key |
| Security issues relevant to Asgardeo | [email protected] |
7EFB 2075 2A3D 65D0 0C15 33F1 79FD 52B8 1D17 AE48 Public Key |
| Security issues relevant to Open Healthcare | [email protected] | 987D 5905 4458 6364 B901 B13D 0AB1 AB05 A68A 1BBF Public Key |
| Security issues relevant to Ballerina | [email protected] | 0168 DA26 2989 0DB9 4ACD 8367 E683 061E 2F85 C381 Public Key |
| Any other security issues relevant to WSO2 | [email protected] | CB9B 0914 3E92 AE33 DFEA 5026 E251 CB08 CB61 38F2 Public Key |
If you wish to send secure messages to our security mailing lists, you may use the GPG keys mentioned above.
Read more on how to report a vulnerability
Security Acknowledgements
View a list of security researchers that reported security vulnerabilities in WSO2 products.
View AcknowledgementsSecurity Processes & Programs
Read about our security processes and programs to understand how we manage various aspects of security in our products.
Secure Software Development Process
How WSO2 enforces security practices at each phase of the Software Development Life Cycle.
Read about the ProcessVulnerability and Incident Management Process
How WSO2 manages security issues that are identified internally as well as reported by our customers and external researchers.
Read about the ProcessSecurity Reward and Acknowledgement Program
How WSO2 shows appreciation for responsibly disclosing vulnerabilities of its products.
Read about the Program
Security Guidelines
Read our guidelines to understand how to enforce security-first development and deployment practices.
Security Guidelines for Production Deployments
How to enhance the security of WSO2 products in your production deployment.
Read the GuidelineSecure Engineering Guidelines
Security best practices and processes followed in the SDLC of WSO2 products and services.
Read the Guideline
