Submit a Security Vulnerability

Submit a Streams Security Vulnerability

Why Submit?

At 21CS, safeguarding the security of our products and services is paramount. We recognize the importance of promptly addressing any potential security vulnerabilities that may arise. If you believe you have discovered a security vulnerability in any 21CS software product, we encourage you to report it to our Security Team immediately.

Information Recommended for Vulnerability Submissions

To help us address security vulnerabilities efficiently, please include the following details in your secure message, if available:

• Contact information.
• Vulnerability type including the name and version of the affected component (e.g., software, firmware). Any Streams patches or updates you have installed.
• Root cause including details about the environment where the vulnerability was discovered (e.g., operating system version, hardware).
• Steps to reproduce the vulnerability, if known.
• Potential impact of the vulnerability if exploited.
• Estimated severity of the issue using CVSS standards.
• Any proposed recommendations for fixing the issue.

How to Report a Security Vulnerability

21CS Security utilizes OpenPGP encryption for secure communication. You can download our public PGP key below and send it to securityvulnerabilityreports-streams@21cs.com. To report a suspected security vulnerability, please send a secure message to our team. You can encrypt your message using our PGP key to ensure secure communication using the instructions below.

PGP Encryption Instructions:

• Upload your public PGP key here.
• Download our public key here. 
• Within your email tool, encrypt your secure message containing the vulnerability submission contents above using inline
• Send email to securityvulnerabilityreports-streams@21cs.com.
• Please do not supply attachments at this time

Who Receives Security Vulnerability Requests?

Only a select group of authorized employees, have access to emails sent to securityvulnerabilityreports-streams@21cs.com. Your communication with us will be handled confidentially.

Our Response Process

Upon receiving your report, we will acknowledge receipt within three working days. For complex issues requiring further investigation, we will provide updates on our progress as we work to find resolution. When the vulnerability is fixed we will follow up as well.

Confidentiality

Any contact information shared with 21CS regarding security vulnerabilities is treated with strict confidentiality and is not disclosed to third parties. If the security vulnerability is determined to be a widescale issue we will report and communicate through official channels, but your information and identity will remain anonymous.

Notifications and Updates

Streams does not offer an advance notification service for security advisories. However, security advisories and updates are regularly posted on our website, distributed through our customer portal, and communicated to customers via email.

Thank you for your commitment to helping us maintain the security of Streams  products and services. We value your contributions in keeping our systems safe and secure.