If you believe you have discovered a potential security vulnerability or bug within any of Aqua Security’s publicly available resources, sites, or one of our services or products, we would like you to let us know as quickly as possible by filling out the Vulnerability Report Form.
Our team will review the disclosed information, evaluate, and if possible, remediate or mitigate the findings.
Report a Vulnerability
Please let us know about the vulnerabilities you identify as quickly as possible. The sent report should include sufficient information for us to validate and reproduce the issue, including:
- The service, resource, site or product affected. Please include URL, IP address, resource or product name.
- Detailed description of the vulnerability.
- Description, steps were taken and tools that were used to discover the vulnerability.
- Projected impact of the vulnerability and likely attack scenario.
- Proof of Concept (PoC) – please supply instructions demonstrating how the vulnerability might be exploited.
- Remediation, mitigation or corrective actions of how to fix the vulnerability.
Important to mention
- Please do not publicly disclose the details of any potential security vulnerabilities without written consent from Aqua Security authoritative department.
- Aqua Security does not condone any malicious or illegal behavior in the identification and reporting of security vulnerabilities and you should not engage in any activity that violates applicable laws.
- If you discover personally identifiable information (PII) while exploring a suspected security vulnerability, please cease your investigation and report the vulnerability that led to such discovery immediately.
Things to Avoid
If you are considering submitting a vulnerability report, your values clearly align with ours. You know how critical security is and you want to protect the information. Understanding this shared perspective, we do not want you to take on or create unnecessary risk in order to discover a vulnerability.
Accordingly, we ask that you kindly avoid performing actions that may:
- Negatively affect availability or integrity of any of Aqua Security or its customers services, infrastructure or data.
- Retain or disclose any Personally Identifiable Information (PII) discovered.
- Violate any other applicable laws or regulations.