Vulnerability Disclosure Program

Digital Shadows welcomes and encourages responsible disclosure of vulnerabilities, and we have partnered with Bugcrowd to handle the triaging of any vulnerability disclosure to ensure it is dealt with promptly.

Digital Shadows will not seek legal action against security researchers who comply with the following requirements:

1. The reporter must comply with Bugcrowd’s Standard Disclosure Terms
2. Do not compromise the safety or privacy of our users
3. Notify Digital Shadows immediately upon discovery of any loss or unauthorized disclosure of Confidential Information

The following test types are not authorized:

• Engaging in Social Engineering
• Introducing or adding a malware/malicious software
• Network denial of service (DoS or DDoS) tests
• Physical testing (e.g., office access, open doors, tailgating), social engineering (e.g., phishing, vishing), or any other non-technical vulnerability testing

Please note that you are expected to engage in security research responsibly. For example, if you discover a publicly exposed password or key, you should not use the key to test the extent of access it grants or to download or exfiltrate data to prove it is an active key. Similarly, if you discover a successful SQL injection, you are expected not to exploit the vulnerability beyond any initial steps needed to demonstrate your proof-of-concept.

Please use the form below to report security vulnerabilities to Digital Shadows through our Bugcrowd partner portal.