At Hexiosec we always try to apply best practice, to both security and development.
Whilst we don’t yet have a bug bounty program for any of our products, we do of course take security seriously. As part of that, we are committed to and believe in friendly, coordinated disclosure of security vulnerabilities and issues. That’s how we approach disclosing vulnerabilities we find in other people’s stuff, and you have to try and lead by example.
If you need to get in touch about a potential vulnerability or issue in either ASM or Transfer, please fill in the contact form, responses to which we do actually read. If you have a sensitive report to share with us then we can send you a secure transfer request to get it to us securely, and no-one has to bother with GPG.