Digital Shadows welcomes and encourages responsible disclosure of vulnerabilities, and we have partnered with Bugcrowd to handle the triaging of any vulnerability disclosure to ensure it is dealt with promptly.
Digital Shadows will not seek legal action against security researchers who comply with the following requirements:
The following test types are not authorized:
Please note that you are expected to engage in security research responsibly. For example, if you discover a publicly exposed password or key, you should not use the key to test the extent of access it grants or to download or exfiltrate data to prove it is an active key. Similarly, if you discover a successful SQL injection, you are expected not to exploit the vulnerability beyond any initial steps needed to demonstrate your proof-of-concept.
Reporting a Security VulnerabilityPlease use the form below to report security vulnerabilities to Digital Shadows through our Bugcrowd partner portal.