Reporting a Security Vulnerability

To report a security vulnerability in any Carbon Black product or service contact productsecurity@carbonblack.com.

You can use our PGP key to encrypt sensitive information.

We encourage you to follow responsible disclosure guidelines, and not disclose your finding publicly until a fix or workaround has been provided by Carbon Black.

Please use the following guidelines when reporting a vulnerability finding to Carbon Black:

Provide an appropriate level of detail including steps to reproduce, any code samples you wish to share, screen shots if applicable, and any other details which would speed our identification of the problem.

Do not publicly share the vulnerability or related details until Carbon Black has released a fix.

Allow a reasonable time period for Carbon Black to address the vulnerability and release a fix. Specific timeframes will be estimated during our assessment of your report.

Carbon Black’s commitment to you:

We will provide prompt acknowledgement of your report

We will work closely with you to answer any questions

We will notify you when the vulnerability has been resolved and a release vehicle determined

We will publicly acknowledge your responsible disclosure (unless anonymity is preferred)