Chronosphere Responsible Disclosure

Security is a top priority for Chronosphere, and we believe that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Chronosphere’s service, please do not hesitate to notify us; we will work with you to resolve the issue promptly.

Rules of Engagement

Please email details of the vulnerability finding, including the information needed to reproduce and validate the vulnerability, to security-team@chronosphere.io

Do not attempt to conduct post-exploitation, including modification or destruction of data, and interruption or degradation of Chronosphere services

Do not attempt to perform brute-force attacks, denial-of-service attacks, compromise, or testing of Chronosphere accounts that are not your own.

Do not attempt to target Chronosphere employees or customers using methods including social engineering attacks, phishing attacks or physical attacks

Do not use automated scanners/tools

Do not intentionally view, store, modify, or destroy data that does not belong to you

You commit to promptly returning or destroying all copies of confidential information and related notes upon Chronosphere’s request

Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of disclosure

Exclusions

The following vulnerabilities are outside of scope. As a result, please refrain from testing and reporting:

Distributed Denial of Service (DDoS) or Denial of Service (DoS)

Spamming

Social engineering or phishing of Chronosphere employees or contractors

Any attacks against Chronosphere's physical property or data centers

DMARC and SPF records

Content spoofing/text injection

Missing HTTP security headers

Missing cookie flags on non-sensitive cookies

Vulnerabilities only affecting users of outdated or unpatched browsers and platforms

Vulnerabilities solely affecting users of outdated or unpatched browsers.

Security best practices, e.g. security headers

Thank you for helping to keep Chronosphere and our users safe!

Contact

Chronosphere is always open to feedback, questions, and suggestions. If you would like to talk to us, please feel free to email us at security-team@chronosphere.io.