Blueberry Software AD — Security

PSIRT contact, vulnerability disclosure policy, security advisories, and PGP key.

Blueberry Software AD — Product Security

We take security reports seriously. If you have found a vulnerability in any Blueberry-operated product (including Volts AIoT Suite, Volts Gateway hardware and firmware, and Volts mobile apps), please report it to us.

Report a vulnerability

Email: security@blueberry.bg
PGP-encrypt your report: PGP key & instructions
Web form: (coming soon)

We acknowledge new reports within 2 business days and provide a severity assessment within 5 business days. See our Coordinated Vulnerability Disclosure Policy for the full SLA, scope, and what to expect.

Latest advisories

See the full advisory archive for all past advisories with affected versions and fix information.

Trust and verification

Canonical CSAF feed: /.well-known/csaf/provider-metadata.json
PGP key: /.well-known/security-pgp.asc
security.txt: /.well-known/security.txt
Hall of fame: /security/hall-of-fame/

About this site

Blueberry Software AD operates this PSIRT site as a shared service for the group, including Volts EOOD. Advisories are issued under the BBSA-YYYY-NNN identifier scheme; the issuer of record on every advisory is Blueberry Software AD.

A copy of the advisory index is mirrored at volts.live/security/ for product-facing discovery. The canonical content (including signed CSAF JSON) lives on this site.

Recent advisories

BBSA-2026-000 — TEST — Smoke test advisory, please ignore 2026-05-16 Low

All advisories →