Responsible Disclosure Program

Aqua Security is committed to maintaining the security of our products, services, and systems. We believe that the Responsible Disclosure Program is an inherent part of this effort.

If you believe you have discovered a potential security vulnerability or bug within any of Aqua Security’s publicly available resources, sites, or one of our services or products, we would like you to let us know as quickly as possible by emailing our Security Team at [email protected].

Our team will review and evaluate the disclosed information and, if possible, remediate or mitigate the findings.

Report a Vulnerability

Please let us know about the vulnerabilities you identify as quickly as possible. The report sent to [email protected] should include sufficient information for us to validate and reproduce the issue, including:

  • The service, resource, site or product affected. Please include URL, IP address, resource or product name.
  • Detailed description of the vulnerability.
  • Description of the steps taken and the tools used to discover the vulnerability.
  • Projected impact of the vulnerability and likely attack scenario.
  • Proof of Concept (PoC) – please supply instructions demonstrating how the vulnerability might be exploited.
  • Remediation, mitigation or corrective actions to fix the vulnerability.

Important to mention

  • Please do not publicly disclose the details of any potential security vulnerabilities without written consent from Aqua Security's authoritative department.
  • Aqua Security does not condone any malicious or illegal behavior in the identification and reporting of security vulnerabilities and you should not engage in any activity that violates applicable laws.
  • If you discover personally identifiable information (PII) while exploring a suspected security vulnerability, please cease your investigation and report the vulnerability that led to such discovery immediately.

Things to Avoid

If you are considering submitting a vulnerability report, your values clearly align with ours. You know how critical security is and you want to protect the information. Understanding this shared perspective, we do not want you to take on or create unnecessary risk in order to discover a vulnerability.
Accordingly, we ask that you kindly avoid performing actions that may:

  • Negatively affect the availability or integrity of the services, infrastructure or data of Aqua Security or its customers.
  • Retain or disclose any Personally Identifiable Information (PII) discovered.
  • Violate any other applicable laws or regulations.

Rewards

Aqua recognizes and rewards security researchers who help us keep people safe by reporting vulnerabilities in our services.

  • Monetary bounties for such reports are entirely and solely at Aqua’s discretion, based on risk, impact, and other factors.
  • To potentially qualify for a bounty, you first need to follow the requirements and adhere to the Responsible Disclosure Program.
  • We investigate all valid reports. If a report is found to qualify, we award a bounty to the first person to submit the issue.
  • Bounty amounts are determined based on a variety of factors, including but not limited to impact, ease of exploitation, and quality of the report.
  • If we pay a bounty, the minimum reward is $20 USD. Note that extremely low-risk issues may not qualify for a bounty at all.