MapleCloud undergoes independent third-party security audits. Results are published in full.
Conducted by Cure53 · October 2025
Reviewed the SRP-6a authentication flow, OpenPGP key hierarchy, share key derivation, and block-level file encryption. No critical vulnerabilities found. Two medium-severity issues (now resolved) were reported relating to session token entropy.
Full report available on requestConducted by NCC Group · March 2025
Comprehensive penetration test of the web application, API endpoints, and authentication flows. No critical or high-severity findings. Three low-severity issues resolved within 14 days of report.
Full report available on requestWe operate a responsible disclosure programme. If you discover a security vulnerability, please email [email protected]. We respond within 24 hours and offer rewards for qualifying reports.