Reporting security issues

Any security issues will be given top priority. Please be responsible and give Zato Source a chance to fix them before you disclose anything in public forums or lists.

Send an email explaining the situation to security@zato.io with a subject line of “Security report”. This is an address only trusted developers have access to.

You are encouraged to use this PGP key for contacting the developers securely, the key’s fingerprint is C7D4 8725 1884 9294 E4EF F6BD BCA1 151A E4C5 8D88.

Within 72 hours you will be notified of its reception and we will work with you through e-mail and other means on resolving the issue.

Once the situation will have been contained, a fix will be released, fully crediting you as the reporter of the issue.

Again, please, do not disclose anything publicly without contacting Zato Source first. We are as much interested in a more secure world as you are.