Airlock Security Advisories
Vulnerability Disclosure Policy
Last modified: April 24, 2025
As a vendor of a security software suite, we are dedicated to keeping our software secure. We welcome security researchers to reach out and report any potential vulnerabilities discovered in our products.
Scope
Subject to this vulnerability disclosure policy is the security suite “Airlock Secure Access Hub” including the components
- Airlock SaaS
- Airlock Identity and Access Management (IAM)
- Airlock Gateway
- Airlock Microgateway
deployed as self-contained application or in containerized form.
Reporting a vulnerability
Reports are accepted via email at security@airlock.com. We encourage you to encrypt your submission using our PGP public key.
Please provide a detailed technical explanation of the required steps to reproduce the issue, including descriptions of any tools used for identification or exploitation. Please attach screenshots and other supporting documents. We favor reports that include proof-of-concept code demonstrating how the vulnerability can be exploited. If your submission contains exploit code or scripts, please include them in a non-executable file format.
When reporting a vulnerability, you may include contact information and preferred communication details. We may reach out to clarify elements of your report or request additional technical details.
By submitting a report to Airlock, you confirm that neither the report nor its attachments infringe on any third-party intellectual property rights. You also grant Airlock a non-exclusive, royalty-free, worldwide, perpetual license to use, reproduce, create derivative works from, and publish the report and its attachments.
Disclosure
Airlock is committed to promptly addressing vulnerabilities that could impact our customers. We will acknowledge compliant reports within five (5) business days. We will validate your submission and address your findings as swiftly as possible. To protect users, please do not publish information about the submitted vulnerability until we have explicitly agreed to its disclosure.
If you act in good faith and in compliance with this policy, Airlock will collaborate with you to resolve the issue and will not pursue legal action related to your research.
Further information
Questions regarding this policy or the process of reporting a vulnerability may be sent to security@airlock.com.