Responsible Disclosure
We would like to keep MaxCDN safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.
Publicly disclosing a vulnerability can put the entire MaxCDN community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at [email protected].
The scope for disclosing a security vulnerability:
- www.maxcdn.com, cp.maxcdn.com, blog.maxcdn.com, edge servers are valid targets
- Third -party services are out of scope
- Customer websites are out of scope
- Social engineering is out of scope
- Spam is out of scope
- DoS attacks are not valid security vulnerabilities
Eligibilities:
- Your submission must be an unknown threat our team was not aware of
- You must be 18 years old or older
- The vulnerability must not have been made public
Rewards:
Depending on the seriousness of the found security threat there are 2 possible rewards:
- Free t-shirt
- Wall of Fame on our website
We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails to [email protected] immediately are sent to our entire engineering staff to ensure that issues are addressed immediately. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.
