To encourage responsible disclosure, we commit that we will not take legal action against you nor ask law enforcement to investigate if we determine that you have complied with the above responsible disclosure guidelines.
Product Security
We ask that you follow these responsible disclosure guidelines.
Product Vulnerability Reporting
If you believe you have discovered a vulnerability in one of our products, please contact us immediately so that we may resolve the issue as quickly as possible. You may email the details of the vulnerability to security@posit.co. Please include the following information:
- Product name and version.
- A description of the vulnerability and why it is exploitable.
- Evidence of a successful exploit and complete steps to reproduce the exploit. Screenshots or video are preferred.
Please include as much information as possible. If we cannot reproduce the exploit with the information provided, we will be unable to proceed further.
We will attempt to respond to all reports within 3 business days; however, the time to research the issue may be longer. Depending on the outcome, detailed results of the investigation may not be made available until a fix is released.
Responses to Penetration or Vulnerability Testing Reports
If you have received a vulnerability assessment or penetration test report for your installed instance of a Posit product and would like Posit to comment, please submit a support ticket at https://support.posit.co and include the following information:
- The full detail of each finding, without redaction.
- If submitting the full report, a list of which findings require comment.
- An acknowledgement that you have independently verified each vulnerability requiring comment and determined they are not due to a configuration setting.
Please include as much information as possible. If we cannot reproduce the exploit with the information provided, we will be unable to proceed further. Turnaround time is typically two weeks but may be longer due to volume.
Security Questionnaires
Potential customers: Please work with your sales representative to coordinate completion of the questionnaire. A security non-disclosure agreement may be required.
Existing customers: If your organization requires a product security questionnaire to be completed by Posit, please submit a support ticket at https://support.posit.co and include the following information:
- Contact name and email address
- Which products are to be covered
- A link to or copy of the questionnaire (if the questionnaire requires a login, we will contact the person listed in the ticket to coordinate access)
Please ensure the questionnaire is appropriate for the type of product. For example, a SaaS or cloud-based questionnaire is not applicable to on-premise software. Turnaround time is typically two weeks but may be longer due to volume.
Unfortunately, at this time we are unable to complete security questionnaires for open-source products or shinyapps.io.
Bug Bounty Requests
Posit does not offer a Bug Bounty program.
PGP Key
If you would like to encrypt your email to us, our PGP key is available below. If you encrypt your email, please include your PGP public key in your message or else the reply.