While we do not have a formalized bug bounty program at this time, we will happily reward people who ethically report vulnerabilities and security bugs in our products.
Report a vulnerability in an SSH.COM product
Report a Vulnerability
Please use this form only for reporting security vulnerabilities in SSH.COM products (including PrivX, Tectia, Universal SSH Key Manager, CryptoAuditor). Also non-customers are welcome to report security vulnerabilities. This is not a general support page and we do not provide product support via this page.
For existing customers with access to the support site, we recommend reporting any vulnerabilities via the secure support site.
Please note that we do not handle bug reports or provide support for Open Source implementations not maintained by us, even if they are available for download on this site. Please address such reports and inquiries directly to the maintainers and community forums for such implementations.
You can also use firstname.lastname@example.org email address to send the vulnerability related information to us.