Found a security issue in a Telos product? We want to hear about it.
Before submitting, please review our Security Policy for scope, safe-harbor terms, and our response commitments.
How to submit
Email: security@gettelos.com
For sensitive reports, request our PGP public key by emailing security@gettelos.com, or propose another secure channel.
What to include
A complete report makes triage faster and gets you an answer (and credit) sooner. Please include:
- A clear description of the issue and its potential impact
- Step-by-step reproduction instructions, including proof-of-concept, payloads, and affected URLs
- Screenshots, request/response captures, or logs that demonstrate the issue
- The browser, operating system, and any tooling used
- The name or handle you would like used if you would like public credit
- Whether you have shared this issue with anyone else, and if so, with whom
What happens next
- Acknowledgment — we confirm receipt within five (5) business days.
- Triage — we assess severity and provide an expected remediation timeline.
- Remediation — we keep you informed as we work on a fix.
- Disclosure — we coordinate timing with you and, with your consent, credit you publicly once the issue is resolved.
The full terms of our program — including in-scope and out-of-scope targets, safe-harbor protections, coordinated-disclosure expectations, and our commitments to you — are set out in our Security Policy.
Thank you for helping keep Telos and our customers safe.