Vulnerability Reporting and Responsible Disclosure Program
At Palo Alto Networks, security is paramount, and our dedicated team of professionals is committed to keeping customer information secure. We understand the critical role that security researchers and the community play in maintaining the security of Palo Alto Networks and our customers. If you discover a vulnerability in a Palo Alto Networks product or website, we encourage you to report it following our guidelines. You can report a vulnerability specific to a Palo Alto Networks product through email at PSIRT@PaloAltoNetworks.com or through the submission form on our website. For additional security, you can utilize our PGP key available on the website. We value the contributions of security researchers and have a comprehensive Product Security Assurance and Vulnerability Disclosure Policy in place.
Responsible Disclosure Guidelines
Palo Alto Networks follows the principle of Coordinated Vulnerability Disclosure. When we receive a security vulnerability report, our priority is to develop an update and release it promptly to protect our customers. We ask the security community to give us the opportunity to address vulnerabilities before public disclosure. Responsible disclosure guidelines include sharing the security issue with Palo Alto Networks before making it public, providing detailed information on the security issue, waiting for confirmation before disclosure, and communicating about any planned presentations related to the vulnerability. Certain actions, such as causing potential damage, unauthorized data access, exploitation for compensation, disruptive testing, social engineering, or phishing, are strictly prohibited.
Web Vulnerabilities and Responsible Disclosure Details
Palo Alto Networks has a structured Responsible Disclosure Program that categorizes accepted web vulnerabilities, including OWASP Top 10 categories and others with demonstrated impact. Certain vulnerabilities are considered low impact and are out of scope for the program; the responsible disclosure details for web vulnerabilities outline which types these are. The guidelines specify rules of engagement such as no Denial of Service testing, no Physical or Social Engineering, and no testing of Third-party Services. It's important to adhere to these guidelines to ensure a coordinated and effective approach to vulnerability disclosure.
Enhanced Security Offerings with Prisma Cloud
In addition to our dedicated security programs and responsible disclosure guidelines, Palo Alto Networks offers a comprehensive range of security products and services to enhance the security posture of organizations. Prisma Cloud, our AI-Driven Security Operations Platform, provides advanced threat prevention, data loss prevention, IoT security, next-generation firewalls, hardware firewalls, secure access service edge solutions, cloud access security broker, and more. With Prisma Cloud, organizations can benefit from a holistic approach to security that integrates cutting-edge technologies to protect against evolving cyber threats.