HashiCorp
HashiCorp, now an IBM company, provides cloud infrastructure automation software including Terraform, Vault, and Consul, trusted by 4,300+ organizations worldwide.
External Program
Submit bugs directly to this organization
HashiCorp
HashiCorp, now an IBM company, provides cloud infrastructure automation software including Terraform, Vault, and Consul, trusted by 4,300+ organizations worldwide.
External Program
Submit bugs directly to this organization
We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. HashiCorp does not currently operate a public bug bounty program or offer monetary rewards for vulnerability reports, but individuals may be acknowledged in product security bulletins as appropriate.
If you would like to report a vulnerability in one of our products or services, or have security concerns regarding HashiCorp software or systems, please email [email protected].
To support a timely and effective response to your report, please include any of the following:
HashiCorp takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.
Security issues related to HashiCorp-owned domains/properties that we have already assessed for risk and will address in future include: