StatusPage takes security very seriously, and we thank all of the white hats in our community for their research and assistance. Below you will find our responsible vulnerability disclosure policy, as well as multiple methods to get in contact with us.

How to disclose an issue

The StatusPage.io disclosure program is managed through BugCrowd. To see the terms of the program and participate, go to BugCrowd and sign up as a tester. You will need to accept the StatusPage.io terms of service to engage in testing. If you have identified a vulnerability, please report it via BugCrowd to be eligible for a reward.

Visit the BugCrowd portal for the StatusPage.io bounty program.

Sensitive disclosures

If during the course of your testing you need to disclose an extremely critical vulnerability - remote code execution, private key leak, etc - you may contact us directly via secured email, private phone call, or in-person meeting. Please use these communication mediums judiciously.

Acknowledgements

Thank you so much to our community of users who have responded with a responsible disclosure.

2014

2013

Document Last Updated: April 21st, 2014