Security Vulnerability
Reporting and Disclosure

Our mission is to enable our customers to defend their organizations against advanced, evasive malware that cause costly data breaches. In support of our mission, we commit to dealing with reports for vulnerabilities in our products and services quickly, responsibly, and carefully.

By “security vulnerability” we mean an unintended weakness in a product/service that could allow an attacker to compromise the integrity, availability, or confidentiality of the product/service.

If you believe to have found a security vulnerability, please report it directly to security@lastline.com. To ensure confidentiality, we encourage you to encrypt any sensitive information you send us via e-mail. You can find our PGP key by clicking the button below.

When submitting a vulnerability report, please include as much of the following information as possible:

  • Organization and contact name
  • Affected products or services and their versions
  • Description of the potential vulnerability and impact
  • Steps to reproduce the issue
  • Supporting technical details (e.g., system configuration, sample packet capture, proof of concept, etc.)
  • Whether public recognition is requested
  • Any additional pertinent information

For Researchers

Upon receipt of a vulnerability report, we will:

  • Acknowledge receipt of the submitted report within 24 hours and communicate a way to track its status
  • Investigate and determine how it affects our products or services
  • If the vulnerability is confirmed, address it and release an update
  • Publicly announce the vulnerability in the release notes of the update
  • Include a reference to the person/people who reported the vulnerability, unless otherwise requested
  • Publicly disclose reports only when our investigation is completed and the reporting party agrees with its resolution

For Lastline Customers

Upon receipt of a vulnerability report, we will:

  • Acknowledge receipt of the submitted report within 24 hours and communicate a way to track its status
  • Investigate and determine how it affects our products or services
  • If the vulnerability is confirmed, address it and release an update
  • Publicly announce the vulnerability in the release notes of the update
Experience Lastline’s AI-powered Cybersecurity for Yourself