At Hexiosec we always try to apply best practice, to both security and development.
Whilst we don’t yet have a bug bounty program for any of our products, we do of course take security seriously, and are committed to and believe in friendly, coordinated disclosure of security vulnerabilities and issues. That’s how we approach disclosing vulnerabilities we find in other people’s stuff, as you have to try and lead by example.
If you need to get in touch about a potential vulnerability or issue in something we own, please fill in the contact form, responses to which we do actually read. If you have a sensitive report to share with us we can send you a secure transfer request to get it to us securely, and no-one has to bother with GPG.