We encourage you to report any security vulnerabilities you may find by submitting your report via email:
You can expect to receive a response within 24 hours.
If the vulnerability is accepted you will have our sincere gratitude.
Once accepted, please allow us at least ninety (90) days to resolve the issue before reporting the vulnerability publicly.
The authoritative location to access our ed25519 digital signature public keys is at https://keys.truestamp.com. These keys are used to sign commitments and other security artifacts.