Vulnerability Disclosure Policy
Background
The Vulnerability Disclosure Policy (VDP) provides guidelines for reporting potential security vulnerabilities in our products, services and systems. It establishes a safe, legal and coordinated way for customers and the public to disclose issues responsibly.
Please note: Keeper Security, Inc. also operates an official bug bounty program. Submissions under this Vulnerability Disclosure Policy (VDP) are accepted and reviewed, but they will not receive financial compensation or coordinated follow-up.
Scope
This Policy applies to the following systems owned and operated by Keeper Security:
- Web applications
- APIs
- Mobile apps
- All services owned and operated by Keeper Security
Reporting Guidelines
If you discover a potential vulnerability, please:
- Report it via the Vulnerability Disclosure Form.
- Include a clear description with technical details.
- Refrain from publicly disclosing the issue until we have confirmed and mitigated it.
- Avoid any activity that could disrupt systems, compromise data or impact customers.
Rules of Engagement
Under this policy and the applicable Keeper terms and conditions, you are not permitted to do any of the following:
- Exploit vulnerabilities beyond what is necessary to prove their existence.
- Access, modify or exfiltrate customer or employee data.
- Compromise privacy, degrade services or availability, or affect system integrity.
- Use automated scanning tools that generate high traffic or denial-of-service conditions.
Bug Bounty Program
Keeper Security, Inc. also operates a separate public bug bounty program known as “Bugcrowd” that offers coordinated engagement and reward for eligible participants. The bug bounty program is distinct from this Vulnerability Disclosure Policy (VDP).
Reports submitted through this VDP are accepted and reviewed at Keeper Security, Inc.'s discretion, but are not eligible for financial compensation or coordinated communication unless through the bug bounty program.
Researchers who wish to participate in the bug bounty program may indicate their interest when submitting a report through this VDP, and Keeper Security, Inc. may extend an invitation to join. For more information, please visit Bugcrowd.