
The Cometbid
Technology Foundation

Empowering innovation through open-source collaboration. TCTF supports developers, organizations, and communities worldwide in building the future of technology with transparent, vendor-neutral governance and world-class open-source projects.


Report a Vulnerability

Report security vulnerabilities to help protect the TCTF community. Our security team provides comprehensive vulnerability management and response services.

Security at TCTF

With over 425 open source projects and billions of downloads, it's increasingly difficult for any TCTF contributor to manage security best practices across their project and handle their dependencies appropriately. Through close collaboration and guidance for our community, TCTF makes it easier to mitigate risks in open source projects.

Transparency and trust are foundational and lead to an improved software security posture throughout the TCTF community. Our security initiatives are designed to empower contributors with the knowledge and tools to manage OSS security risks effectively. This includes vulnerability management and reporting, project security support, best practices for repository management, developer training, self-service tools, and security advocacy.

Vulnerability Management and Reporting (PSIRT & CVE Assignment)

TCTF's Project Security Incident Response Team (PSIRT) manages vulnerability reporting, triage, disclosure, and remediation, while also acting as a CVE Numbering Authority (CNA).

Repository Management and Infrastructure Security

Best practices in repository management through self-service tools and the management of overall infrastructure security.

Project Security Support

Infrastructure support, OSS security audits, and guidance to help Projects improve their overall security posture.

Code and Artifacts Signing

Supports code and artifact signing to verify the authenticity and integrity of software releases.

Security Advocacy and Communication

Provides both inward (to all contributors) and outward (to the general technical public) communication to raise awareness and guide security best practices and achievements.

Developer Training

Educational programs to help developers learn best practices, secure coding principles, and vulnerability management.

Latest Security News

TCTF Security Advisory: Critical Vulnerability Patched

Latest security update addresses critical vulnerabilities in cloud-native infrastructure components.

Monday, May 5, 2025 - 13:19

Blockchain Security Best Practices Released

New guidelines for secure blockchain development and smart contract auditing published by the TCTF security team.

Monday, May 5, 2025 - 13:19

IoT Device Security Framework Updated

Enhanced security protocols for IoT and edge computing devices now available for implementation.

Monday, May 5, 2025 - 13:19

AI/ML Model Security Guidelines Published

Comprehensive security framework for artificial intelligence and machine learning model deployment.

Monday, May 5, 2025 - 13:19

Automotive Security Standards Update

New cybersecurity requirements for connected and autonomous vehicle systems released.

Monday, May 5, 2025 - 13:19

FinTech Security Compliance Report

Annual review of financial technology security standards and regulatory compliance requirements.

Monday, May 5, 2025 - 13:19