Team Information
Team name Slack CSIRT
Official team name Slack CSIRT
Member since August 19, 2020
Host organization Slack Technologies
Country of team United States of America (the)  US
Date of establishment 2016-06-01
Team Contact Information
Regular telephone number Email Preferred
Emergency telephone number Email Preferred
E-mail address
Facsimile number n/a
Other communication facilities page for emergencies at
Postal address 500 Howard St San Francisco, CA 94105
Business Hours
Timezone Pacific Standard PST
Description of business hours 0900-1700
How to contact outside business hours For emergencies:
Type of Constituency Other commercial
Source of Constituency Both external and internal
Description of Constituency Our CSIRT is layered over the whole of the Security organization. The two teams responsible for discovering and responding to incidents are the Security Operations team and the Product Security (AppSec) team. Both teams follow the same documented response processes. The Security Operations team are responsible for detecting and responding to incidents having to do with systems and infrastructure in both the corporate fleet and Slack’s backend. These teams are primarily responsible for detecting and responding to unwanted activity and actively exposed vulnerabilities in endpoints. The Product Security team is responsible for the Secure Development Lifecycle and Bug Bounty programs which often identify vulnerabilities in the product, itself, such as a vulnerable library, code practice, or design. Where deemed incident-worthy, the Product Security team is responsible for acting as the subject matter expert and responding to such an incident to closure.
Internet Domain Address
Country of Constituency United States of America (the)  US
PGP key id 0x61EC4BB63D7039FC
PGP fingerprint 411AD6D2444FF0DFE0E2681861EC4BB63D7039FC
Team PGP public key 411A D6D2 444F F0DF E0E2 6818 61EC 4BB6 3D70 39FC  
Slack Security <>
Updated on May 15, 2020 19:10 UTC
Expires on May 13, 2028 19:10 UTC

Team contact information provided for Incident Response purposes only. FIRST strictly prohibits the use of contact information for solicitation or marketing.

FIRST follows the ISO 3166-1 standard for country code and name listings.