Vultr values the contributions made by security research communities who analyze and help solve vulnerabilities in the web ecosystem. Like many of our industry peers, Vultr has chosen a policy to compensate researchers for ethical disclosure of security issues. In an effort to improve the feedback loop for bugs on the Vultr platform, we've added a newbug bountyportal where any discovered security issues can be reported.
How Vultr's bug bounty program works:
- Identity a security issue in any part of our platform or API.
- Report it to ushere. Include detailed steps to reproduce the bug and attach additional evidence as needed.
- The report will be reviewed and, if verified, you will be compensated based on the scope and severity of the bug.
In scope sites:
https://my.vultr.com/https://www.vultr.com/https://api.vultr.com/
Focus areas:
- Injection attacks.
- Authentication or authorization flaws.
- Cross-site scripting.
- Sensitive data exposure.
- Privilege escalation.
Please visit ourbug bounty portalfor additional program details and up to date information.