Security

Here at StackStorm we take security very seriously. If you believe you found a security issue or a vulnerability, please report it to us using one of the methods described below.

Reporting a Vulnerability

Note

Please do not report security issues using our public Github repository or Slack chat. Use the private mailing list described bellow.

If you believe you found a security issue or a vulnerability, please send a description of it to our private mailing list at info [at] stackstorm [dot] com

Once you’ve submitted an issue, you should receive an acknowledgment from one our of team members in 48 hours or less. If further action is necessary, you may receive additional follow-up emails.

How Are Vulnerabilities Handled

We follow the industry de facto standard of Responsible Disclosure for handling security issues. This means we disclose the issue only after a fix or mitigation for the issue has been released.

We of course always give full credit to people who have reported the issue.