How to report security vulnerabilities to InfluxData

If you are an existing InfluxData customer or partner, please submit a service request for any security vulnerability you believe you have discovered in an InfluxData product at https://support.influxdata.com.

If you are not a customer or partner, please email [email protected] with your discovery.

InfluxData highly values and appreciates the members of the research community who find security vulnerabilities and responsibly disclose these to InfluxData so that fixes can be issued to all customers. We have our own roots as an open source software company with the philosophy that open source software should be free to use, integrate and create derivative works from regardless of the use case or the user. We develop our software in the open with the help of a global community of developers and contributors with whom we share a common understanding and trust in the free exchange of knowledge.

InfluxData’s policy is to credit and reward all researchers provided they follow responsible disclosure practices:

  • They do not publish the vulnerability prior to InfluxData releasing a fix for it.
  • They do not divulge exact details of the issue, for example, through exploits or proof-of-concept code.
  • InfluxData does not credit employees or contractors of InfluxData and its subsidiaries for vulnerabilities they have found.

Our current rewards include but are not limited to:

  • Public acknowledgement in release notes when a fix for reported security bug is issued
  • Free InfluxData swag, including hoodies, t-shirts, socks and other gear
  • Complimentary tickets to InfluxData events and opportunities to meet with our technical staff

It is not InfluxData’s policy to provide cash awards for discovered vulnerabilities at this time.

In scope assets for Bug Bounty rewards include InfluxDB Cloud and any of our open source distributions such as Telegraf and InfluxDB. You can sign up for a free InfluxDB Cloud account or explore our open source software at https://www.influxdata.com/get-influxdb/.