Reporting security issues


#1

Not exactly a technical issue, but what is the recommended way to report potential security issues.
I would really like to give Spryker the opportunity to fix such issues in a fitting time period instead of disclosing them in a public forum.
My intention is not to keep them for myself, but to reduce the risk for all Spryker customers which comes with public disclosure.

The ideal would be a mail address with a public GPG key, but I would be happy as well to have a channel where I can at least discuss such issues without making them public already.


#2

You can send email to academy@spryker.com and elaborate on the found issues.


#3

Hey guys,

Please notify us via security@spryker.com.
Security issues will be investigated with a high prio.