To make a security vulnerability report, email firstname.lastname@example.org with the full details, including steps to reproduce the issue.
You can use Gravitational's security team PGP key attached to this article to encrypt information related to the security vulnerability.
Security CommitmentsTeleport is committed to providing a secure product to protect our customers to facilitate this we perform annual third party PenTest of our products and platform. Additionally we have SOC2 type II certification for our enterprise products and are pursuing certification for our cloud platform. Teleport conducts regular security vulnerability scanning of our code and infrastructure. High severity findings trigger an incident response and we are committed to notifying customers of critical vulnerabilities that effect the security of customer systems.