Last update: July 11, 2022
CloudFiles is committed to ensuring the safety and security of our customers. We aim to foster an environment of trust, and an open partnership with the security community, and we recognize the importance of vulnerability disclosures in continuing to ensure safety and security for all of our customers. We have developed this policy to both reflect our corporate values and to uphold our legal responsibility to good-faith security researchers that are providing us with their expertise.
CloudFiles’s Responsible Disclosure Policy applies to CloudFiles’ core platform and its information security infrastructure.
CloudFiles will not engage in legal action against individuals who submit vulnerability reports through our Vulnerability Reporting inbox. We openly accept reports for the currently listed CloudFiles products. We agree not to pursue legal action against individuals who:
To submit a vulnerability report to CloudFiles’s Product Security Team, please utilize the following email security@cloudfiles.io
We will use the following criteria to prioritize and triage submissions.
If we are unable to resolve communication issues or other problems, CloudFiles may bring in a neutral third party to assist in determining how best to handle the vulnerability.