You can expect us to:

  • Handle information obtained in our exchanges with researchers who report to the program in accordance with our privacy policy.
  • Treat everyone who contributes with respect, as we appreciate your contribution to keeping us and our customers safe and secure.
  • Investigate and make efforts to remediate vulnerability issues in a manner consistent with protecting the safety and security of our customers. Addressing a valid reported vulnerability takes time, based on the severity of the vulnerability and the affected systems.  We may request further information from you to help us in remediating issues.

We ask that you please:

  • Do not disclose any information regarding your submission’s details to third parties without prior written permission from our team.
  • Provide as much information as possible in your submission. It is vital to provide clear reproduction steps regarding your finding so that we may validate the report in a timely manner.
  • Do not provide any confidential or proprietary information of third parties unless you have gained permission to do so.
  • Add your email address to the submission, so we can get in touch with you about any further technical details which may be needed.

Please note that the following items are out of scope of reporting under this program:

  • Testing the physical security of our IBXs, offices, employees, equipment, etc.
  • Conducting non-technical attacks such as social engineering or phishing attacks.
  • DoS/DDoS or any other testing that would impact the operation of our systems.
  • Accessing, downloading, or modifying data residing in an account that does not belong to you.
  • Testing that would result in sending spam or other unsolicited messages.
  • Testing third party applications or services.
  • Defacing any of our assets.
Continue browsing