Response Window
Forge targets acknowledgment within 24 business hours and initial triage within three business days.
Forge Orbital Security
Security reporting for Forge Orbital.
Use this page to report a suspected vulnerability, find Forge's public PGP key, review coordinated-disclosure rules, and check public advisory status.
Disclosure Target
Coordinated disclosure generally follows a 90-day remediation target for confirmed vulnerabilities.
Advisory Status
No public security advisories have been published for Forge Orbital production software.
Report Securely
Use the report form for structured intake. For encrypted follow-up, use Forge's public PGP key and the security mailbox listed below.
- Form
- /security/report
- [email protected]
- PGP
- Published public key
- Fingerprint
F58F 59FE CCA2 4FA9 E149 DC1D 6EEE F0E3 CF2D 0EB9
Verification
Forge publishes a standard security discovery file and an advisory index so customer security teams and researchers have a stable place to verify the intake path.
- security.txt
- /.well-known/security.txt
- Policy
- Responsible disclosure policy
- Advisories
- Public advisory index
Before You Submit
Include
- Affected URL, endpoint, version, or artifact.
- Clear reproduction steps and observed impact.
- Minimal proof needed for triage.
- Your disclosure-credit preference.
Do Not Include
- Customer data, classified material, export-controlled material, or credentials.
- High-volume testing, persistence, exfiltration, or destructive proof.
- Details from third-party systems unless authorized by that third party and Forge.