Security Policy
Last Updated: February 21, 2026
IMPORTANT
At Silitics GmbH, we take the security of Nexigon and all our products seriously. We appreciate the efforts of security researchers and the broader community in helping us maintain a secure platform. If you discover a security vulnerability, we encourage you to report it responsibly so we can address it promptly.
When vulnerabilities are reported, we will work to verify and address them as quickly as possible. Security advisories will be published after a fix has been released to inform users about the vulnerability and the steps taken to resolve it.
1. Responsible Disclosure
If you discover a security vulnerability, please report it to us via email at security@silitics.com.
When reporting a vulnerability, please include:
- A description of the vulnerability and its potential impact.
- Detailed steps to reproduce the issue.
- Any relevant logs, screenshots, or proof-of-concept code.
- Your contact information for follow-up (optional but appreciated).
2. What to Expect
- Acknowledgment: We will acknowledge receipt of your report within 2 business days.
- Assessment: We will provide an initial assessment of the report within 5 business days.
- Remediation: We will work with you to understand and address the vulnerability. We may ask for additional information or guidance.
- Disclosure: Once a fix is released, we will publish a security advisory. We are happy to credit you for your discovery unless you prefer to remain anonymous.
3. Encrypted Communication
If feasible, please consider encrypting your communication with us. You may use the PGP key with fingerprint 5084 1391 EA3E DDC2 2195 0369 9978 6B48 3343 D95B, which is available from common key servers or upon request at security@silitics.com.
4. Cyber Resilience Act (CRA) Compliance
In accordance with the European Cyber Resilience Act (EU) 2024/2847, Silitics GmbH, as the manufacturer of Nexigon and its components, is committed to:
- Active monitoring for vulnerabilities in Nexigon and its dependencies.
- Timely remediation of identified vulnerabilities, including the provision of security updates.
- Coordinated vulnerability disclosure in line with industry best practices.
- Providing security advisories with clear descriptions of vulnerabilities, affected components, their severity, and remediation guidance.
For Nexigon's open-source components, advisories are published via GitHub Security Advisories.
For the self-hosted Enterprise variant, security advisories are communicated to affected customers through internal channels.
For questions regarding CRA compliance, please contact security@silitics.com.
5. Non-Security Issues
For bugs and issues that do not have a security impact, please use the appropriate public channels such as GitHub issues. If you are unsure whether an issue is security-related, feel free to reach out to us at security@silitics.com and we will help determine the appropriate course of action.