Disclose a Vulnerability
We make every effort to secure our customer’s data and eliminate any potential security vulnerabilities on our platform. However, it is possible that a vulnerability may be introduced inadvertently and may be noticed by a security researcher or a user of our platform.
If this occurs, we ask that the person who discovers the vulnerability exercise responsible disclosure and alert our team to the issue privately so that we can respond appropriately to ensure the security of our platform and the protection of our customer’s data.
If you discover a security vulnerability on our platform, please send an email to [email protected] to disclose the vulnerability. Include the full details of the vulnerability as well as sufficient information so that our Engineering team can get in touch with you if they need additional information.
Does Kinsta have a bug bounty program?
Kinsta does not have a bug bounty program.
Bug bounty programs may lead to the discovery of significant vulnerabilities. However, they do also tend to attract attention from a small subset of security researchers who are more interested in extorting a company for financial gain than in improving the security of the platform they are researching. As a result, it is Kinsta’s policy not to pay for the disclosure of security vulnerabilities.
How are security vulnerability reports handled?
Kinsta’s Engineering team reviews all submitted reports of security vulnerabilities on a daily basis. Each report is evaluated, and our team determines if an actual vulnerability exists.
When an actual vulnerability is discovered, our team will work to resolve the vulnerability as soon as possible.
While our team may reach out to you to gather more information following the submission of a security vulnerability report, we cannot guarantee that we will be able to respond to each submitted report.