Contact

We encourage security researchers and members of the community to report vulnerabilities through the following contact methods.

Report a Vulnerability

Email cna@erlef.org GPG Key For encrypted communications

Fingerprint: 38BD 201B 397E 28F1 F3D9 3EC7 6E03 1A81 1F26 6E21

GitHub Private Vulnerability Reporting

We also support GitHub Private Vulnerability Reporting. You can invite our CNA Points of Contact directly into your private advisory.

1

CVE Identifier

When creating the advisory, choose "Request CVE ID later"

2

Add Collaborators

Invite these GitHub users to your private advisory:

• @IngelaAndin Ingela Andin – OTP Core Contributor
• @maennchen Jonatan Männchen – CISO, EEF
• @voltone Bram Verburg – Security WG Chair

3

Assign CVE ID

Once we provide a CVE ID, edit the advisory and set "I have an existing CVE ID"

Questions & Suggestions

GitHub Discussions For general questions

GitHub Discussions are public. Never report or include vulnerability details.