We take security seriously and welcome responsible disclosure of security vulnerabilities. If you discover a security issue in the WestSoftPOS app, please report it through one of our security channels.
Reporting Channels
Primary Channel - Secure Email:
- Email: vapt-reports@westpay.se
- Important: All vulnerability reports must be PGP-encrypted
- PGP Public Key:
- PGP File: Click here to download
- Alternative access: Available upon request at vapt-reports@westpay.se
Secondary Channel:
- Azure DevOps (for authenticated users with direct access)
Emergency Hotline:
- Phone: +46 85 066 8403
How to Submit an Encrypted Report
- Request Westpay's PGP public key by emailing vapt-reports@westpay.se
- Encrypt your vulnerability report using the provided public key
- Send the encrypted report to vapt-reports@westpay.se
Response Times
We are committed to responding promptly to security reports:
| Severity | Acknowledgment | Initial Assessment | Resolution Target |
|---|---|---|---|
| Critical | 1 hour | 24 hours | 4 days |
| High | 4 hours | 48 hours | 10 days |
| Medium | 48 hours | 5 business days | 30 days |
| Low | 5 business days | 10 business days | Next release |
Thank you for helping us keep WestSoftPOS secure ❤