DigitalOcean values the security of our open source projects. We appreciate the efforts of security researchers and the broader community to help keep our customers and business safe.
Bug Bounty Program
The digitalocean-labs
organization hosts experimental and one-off projects by employees of DigitalOcean. Repos in this organization have no guarantee of support or maintenance. To that effect, repos in this organization are not eligible for monetary rewards.
You can find in-scope repositories and other assets at our public bug bounty program on Intigriti. This program is designed to incentivize the responsible disclosure of security vulnerabilities.
In-Scope Repositories
Only repositories listed on the Intigriti program page are eligible for rewards under the bug bounty program.
If you discover a vulnerability in a repository not listed on the Intigriti page, we still encourage you to report it. While such findings are not eligible for monetary rewards, we value your contribution to the security of our open-source projects.
Please do not open public issues describing vulnerabilities. Instead, send any ineligible findings to [email protected]. If you wish to encrypt your communication, follow these instructions.
Guidelines
- Responsible Disclosure: Please do not publicly disclose the vulnerability without written permission from DigitalOcean.
- Clear Description: Provide a detailed description of the vulnerability, including steps to reproduce it and any relevant proof-of-concept code.
- Impact Assessment: Help us understand the potential impact of the vulnerability.
We are committed to working with you to resolve security issues in a timely and responsible manner.
Thank you for your help in keeping DigitalOcean and our community secure!