!!! note "Please note"

Dasharo security email address is intended for responsible disclosure by
security researchers and others who discover legitimate security
vulnerabilities. Please do not attempt to contact us via this address unless
you can demonstrate an actual security vulnerability or provide us with
reasonable steps we could follow to verify your claims.

If you've discovered a security issue affecting Dasharo, either directly or indirectly (e.g., the issue affects Dasharo Tools Suite, which is commonly used to maintain Dasharo installation and updates), then we would be more than happy to hear from you! We promise to take all reported issues seriously. If our investigation confirms that an issue affects Dasharo, we will patch it within a reasonable time and release a public Dasharo Security Bulletin (DSB) that describes the issue, discusses the potential impact of the vulnerability, references applicable patches or workarounds, and credits the discoverer. Please use the Dasharo Security Team PGP key to encrypt your email to this address:

security at dasharo dot com

This key is signed by the 3mdeb Master Key.

When reporting a sensitive vulnerability not yet publicly known, You agree not to disclose such details publicly or to any third party other than a relevant CSIRT or ENISA until 3mdeb has had a reasonable period (typically expected to be up to 90 days, consistent with industry practices) to investigate, remediate, and coordinate disclosure. This allows for responsible handling of security issues while acknowledging that the general development process for non-critical aspects is public.