Software is not perfect. Xelerance corporation attempts to provide the highest quality products possible. We do this by attempting to get complete test coverage for the code. This goal is not yet attained.

Should you need to report a possible vulnerability in openswan, we would ask that you contact us privately first. You can email us at: security (at) xelerance.com.

We would ask that you encrypt the email with GPG/PGP if possible, and provide us with serveral ways of securely contacting you. We will respect any request to remain confidential.

The GPG key to use is here, on the key servers, and is available via finger.

Publically disclosed vulnerabilities