Introduction
AtScale is committed to ensuring the security and privacy of all users of our products, whether they are enterprise customers or members of our broader developer community. We recognize the value of responsible security research and welcome reports of potential vulnerabilities in both our customer-deployed and community-deployed products.
Scope
This policy applies to:
- AtScale Customers using our on-premises product.
- Community/Developer Edition Users who are using the publicly available version of AtScale.
We invite both customers and community users to participate in helping us identify and responsibly disclose security issues.
Reporting Process
If you believe you have discovered a security vulnerability in AtScale products or services, we encourage you to follow these steps to report it.
Submission Methods:
- For Customers: Submit a ticket through the AtScale Help Center.
- For Community Users: Email us at security@atscale.com with the required details listed below.
Information Required:
When reporting a vulnerability, please include:
- Vulnerability Name
- Affected URL/Endpoint and Product Version (Customer or Community Edition)
- Technical details or Proof of Concept (PoC)
- Business or operational impact (if known/applicable)
Out-of-Scope Vulnerabilities
- Content spoofing/text injection.
- Previously known vulnerable libraries without a working Proof of Concept.
- Open ports without additional PoC.
- Exposed API keys without a clear demonstration of security impact.
- Missing cookie flags on non-security-sensitive cookies.
Communication and Response
Upon receiving a vulnerability report, AtScale will acknowledge receipt within the defined SLA.