Thank you for working with Onapsis to help ensure we can provide a timely response to any security issues in our products. We are committed to working with researchers to fully understand an issue and providing a resolution to resolve it.

To ensure that we have the information required to properly evaluate a reported issue, Onapsis asks that you include the following information in any bug report:

  • The affected product or resource (e.g. X1, OSP, Onapsis web site), the version of the software, and the platform you are using (e.g. Windows 7, Debian Linux, Ubuntu Linux, Mac).
  • A description of the issue explaining the vulnerability, including the impact to the user(s) or system. This should clearly describe how the issue crosses privilege boundaries.
  • Any caveats or conditions required to exploit the issue. Indicate if there are any non-default system settings, custom configurations, required user interaction, or anything else that would limit the attack.
  • A proof-of-concept or functional exploit that demonstrates the issue. If a proof-of-concept is not available, please include any relevant logs generated from your testing.

During the evaluation process, Onapsis will keep you updated on our status for resolving the issue.

If you are an Onapsis customer or partner, please use the Customer Portal to submit a service request for any security vulnerability you believe you have discovered in an Onapsis products. If you are not a customer or partner, please email [email protected] with your discovery. We encourage using an email encryption with our encryption key when emailing Onapsis Security.