We use cookies for analytics and error tracking.

04 Notifier

Your PSIRT — ready from day 1.

Case management, CSAF advisories and coordinated vulnerability disclosure. Handle vulnerabilities in a structured way, not in email chaos.

Free CRA check
04 Notifier

The Moment

A security researcher finds a vulnerability in your product. They look for a contact path: No security.txt. No CVD policy. No intake form. So they write an email to info@. Or worse: they post in a forum.

Three weeks later your team finds out about it — through a customer who read the forum post. Now it's a crisis instead of a process.

With Notifier it's different. The researcher finds your security.txt, reports via the intake form, and your team has the case immediately in the Kanban board. Triage in hours, not weeks. Fix, advisory, disclosure — structured and traceable.

Features

Everything for professional vulnerability disclosure — from report to advisory.

Case Management (Kanban)

Manage vulnerability cases in a Kanban board. From "Received" through "In Progress" to "Published" — every status at a glance.

CSAF Advisories

Create machine-readable security advisories in CSAF format. Standards-compliant, automatically structured, immediately publishable.

security.txt (RFC 9116)

Generate and publish a security.txt according to RFC 9116 — so security researchers know how to reach you.

CVD Policy

Define your Coordinated Vulnerability Disclosure Policy. Clear rules for researchers, clear processes for your team.

Vulnerability Report Intake

A structured intake form for vulnerability reports. Researchers report, your team handles — without email chaos.

Public Disclosure Page

Your own public page for security advisories, security.txt and CVD policy. Professional and trust-building.

How Notifier works

1

Set up (30 minutes)

Set up security.txt, CVD policy and intake form. In 30 minutes your PSIRT is operational.

2

Receive report

A security researcher reports a vulnerability via your intake form. The case is automatically created.

3

Triage & treatment

Evaluate the report, assign it to the right team and coordinate the fix — all in the Kanban board.

4

Fix & verification

Document the fix, have it verified and prepare the publication.

5

Advisory & disclosure

Publish a CSAF advisory on your disclosure page. Report to ENISA if necessary. Close the case.

Connects to

Cyber Resilience Act

September 11, 2026.

From then on, product security is a legal obligation. No evidence, no CE marking.

176
Days
:
15
Hrs
:
27
Min
:
34
Sec

From vulnerability report to advisory — in one workflow.

PSIRT-in-a-Box: Case management, CSAF advisories, and coordinated disclosure.

Free CRA Quick Scan