Vultr values the contributions made by security research communities who analyze and help solve vulnerabilities in the web ecosystem. Like many of our industry peers, Vultr has chosen a policy to compensate researchers for ethical disclosure of security issues. In an effort to improve the feedback loop for bugs on the Vultr platform, we've added a new bug bounty portal where any discovered security issues can be reported.
How Vultr's bug bounty program works:
- Identity a security issue in any part of our platform or API.
- Report it to us here. Include detailed steps to reproduce the bug and attach additional evidence as needed.
- The report will be reviewed and, if verified, you will be compensated based on the scope and severity of the bug.
In scope sites:
Focus areas:
- Injection attacks.
- Authentication or authorization flaws.
- Cross-site scripting.
- Sensitive data exposure.
- Privilege escalation.
Please visit our bug bounty portal for additional program details and up to date information.