Reporting a Security Vulnerability

basic_heading secondary

How to Report

text_image_eight full_width

We encourage you to follow responsible disclosure guidelines, and to not disclose your finding publicly until a fix or workaround has been provided by Carbon Black.

Contact productsecurity@carbonblack.com to report a security vulnerability in any Carbon Black product or service. You can use our PGP key to encrypt sensitive information.

 

 

basic_heading secondary

Vulnerability Reporting Guidelines

text_image_eight full_width
  • Provide an appropriate level of detail including the steps needed to reproduce the issue, any code samples you wish to share, applicable screen shots, and other details that could facilitate our identification of the problem
  • Do not publicly share the vulnerability, or related details, until Carbon Black has released a fix
  • Allow a reasonable timeframe for Carbon Black to address the vulnerability and release a fix; Specific timeframes will be estimated during our assessment of your report

 

 

basic_heading secondary

Carbon Black’s Commitment to You

text_image_eight full_width
  • We will provide prompt acknowledgement of your report
  • We will work closely with you to answer any questions
  • We will notify you when the vulnerability has been resolved and a release vehicle determined
  • We will publicly acknowledge your responsible disclosure (unless anonymity is preferred)