The Natlas developers try to take security into account at every step of the design for our projects. Built by hackers, Natlas is extremely receptive to vulnerability research against our projects. We only ask that you test against local installations and not against any publicly run natlas servers at this time.
There is currently no security@ email address for the entire natlas project. Vulnerabilities can be submitted directly to dade via his email: dade [at] tutanota [dot] com. For any security concerns that do not represent currently exploitable vulnerabilities, please file a github issue in the relevant repository.