We document all relevant vulnerabilities affecting Kiteworks and its associated applications in this repository. This is part of our commitment to providing customers with clear and transparent information about the security posture of Kiteworks. Each security advisory includes detailed information about the affected versions and the necessary steps to remediate the issues.

We disclose vulnerability details up to 12 months after a fix has been released. Existing customers can find all relevant information in the release notes provided with each update.

Instructions for reporting a vulnerability can be found on the Kiteworks Responsible Disclosure portal.

We run a public bug bounty program on bugcrowd.com. Please feel free to report issues in scopre of that program to receive bounty based on the impact of the vulnerability.