Security

A security company, held to its own bar.

How Extuno runs untrusted code safely, handles your data, and works with researchers who report issues.

  1. 1Report received at
  2. 2Triaged and acknowledged within 48 hours
  3. 3Fix developed and validated in a sandbox
  4. 4Disclosure coordinated with the reporter
Posture

How we handle untrusted code and your data.

Runtime

Segmented execution

Every dynamic scan runs in an ephemeral, network-segmented micro-VM, destroyed after the run.

Data

Least-data handling

We process artifacts and findings, not your personal browsing. Retention is configurable on enterprise plans.

Platform

Access controls

Multi-tenant isolation, role-based access, full audit logging, and SSO with SCIM provisioning.

Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers and respond quickly. Our policy, contact, and expiry are published per RFC 9116 at /.well-known/security.txt.

  • + for reports
  • + Acknowledgement within 48 hours
  • + Coordinated disclosure with credit
At a glance

Trust posture

GDPR-aligned data handlingincluded
Configurable data residencyincluded
SSO + SCIMincluded
Full audit logincluded