Contact
Vulnerabilities
We encourage security researchers and members of the community to report vulnerabilities through the following contact methods:
- Email: cna@erlef.org
- GPG Key: For encrypted communications, please use our GPG key:
  - Public Key: GPG Public Key
  - Fingerprint: 38BD 201B 397E 28F1 F3D9 3EC7 6E03 1A81 1F26 6E21
Report via GitHub Private Vulnerability Reporting
We also support direct integration with GitHub Private Vulnerability Reporting.
If you’re using GitHub to report your vulnerability, you can invite our CNA Points of Contact (PoCs) directly into your private advisory instead of reaching out via email.
Steps to collaborate with us on a GitHub Advisory
- CVE Identifier
  - When initially creating the advisory, choose: “Request CVE ID later”
- Collaborators
  - Add the following GitHub users as collaborators to the private advisory:
    - @IngelaAndin – Ingela Andin (Affiliation: OTP Core Contributor)
    - @maennchen – Jonatan Männchen (Affiliation: CISO Erlang Ecosystem Foundation)
    - @voltone – Bram Verburg (Affiliation: Erlang Ecosystem Foundation Security WG Chair)
- Assigning a CVE ID
  - Once the Erlang Ecosystem Foundation CNA has reviewed the report and decided to issue a CVE ID, edit the advisory:
    - Set CVE Identifier to “I have an existing CVE ID”
    - Enter the CVE number we provide you into the Existing CVE field
This approach provides a secure and streamlined workflow for submitting and triaging vulnerabilities within the GitHub ecosystem.
Questions & Suggestions
For general questions, please use GitHub Discussions.
⚠️ Note: GitHub Discussions are public. Never report vulnerabilities or include vulnerability details there. ⚠️