Security
A security company, held to its own bar.
How Extuno runs untrusted code safely, handles your data, and works with researchers who report issues.
1. Report received at
2. Triaged and acknowledged within 48 hours
3. Fix developed and validated in a sandbox
4. Disclosure coordinated with the reporter
Posture
How we handle untrusted code and your data.
Runtime
Segmented execution
Every dynamic scan runs in an ephemeral, network-segmented micro-VM, destroyed after the run.
Data
Least-data handling
We process artifacts and findings, not your personal browsing. Retention is configurable on enterprise plans.
Platform
Access controls
Multi-tenant isolation, role-based access, full audit logging, and SSO with SCIM provisioning.
Responsible disclosure
Found something? Tell us.
We welcome reports from security researchers and respond quickly. Our policy, contact, and expiry are published per RFC 9116 at /.well-known/security.txt.
- for reports
- Acknowledgement within 48 hours
- Coordinated disclosure with credit
At a glance
Trust posture
- GDPR-aligned data handling: included
- Configurable data residency: included
- SSO + SCIM: included
- Full audit log: included