Security & Responsible Disclosure
We take security seriously. If you've discovered a security vulnerability, we appreciate your help in disclosing it to us responsibly.
Report a vulnerability
Send your report to our security team:
security@k8s-engine.com
For sensitive reports, you may encrypt your email using our PGP key (available on request).
How to report
Send an email
Email security@k8s-engine.com with details of the vulnerability.
Include details
Provide steps to reproduce, potential impact, and any proof-of-concept.
Wait for response
We will acknowledge your report and work with you on resolution.
What to include in your report
- Description: Clear explanation of the vulnerability
- Steps to reproduce: Detailed instructions to recreate the issue
- Impact: What an attacker could achieve
- Proof of concept: Screenshots, videos, or code (if available)
- Your contact info: So we can follow up with questions
Guidelines
What to report
- Security vulnerabilities in K8S Engine services
- Authentication or authorization bypasses
- Data exposure or leakage
- Cross-site scripting (XSS) or injection vulnerabilities
- Privilege escalation issues
What not to report
- Denial of service (DoS) attacks
- Social engineering attacks on employees
- Physical security issues
- Spam or phishing attempts
- Issues in third-party services we do not control
Our response
Initial acknowledgment
We aim to acknowledge all reports within 2 business days.
Investigation
We'll investigate and keep you updated on our progress.
Resolution
We'll work to fix valid issues promptly and notify you when resolved.
Safe harbor
We consider security research conducted according to this policy to be authorized and will not pursue legal action against researchers who follow these guidelines in good faith.
If you've made a good faith effort to comply with this policy during your research, we will work with you to understand and resolve the issue quickly, and we will not recommend or pursue legal action related to your research.