Khoros is fully committed to keeping our customers' information secure. We encourage safe and responsible security testing and reporting of security issues according to the following few simple rules.
- All security testing must be conducted in our non-production environment to minimize risk to our customers. Please contact the Khoros Information Security team at security [at] khoros [dot] com for details or to arrange for testing.
- Report all issues privately and securely to Khoros Security team by sending an email to security [at] khoros [dot] com. If possible, please use proper encryption and protection such as SMIME certificates or PGP encryption. Please refer to the Reporting Security Issues section below for additional details.
- Do not attempt any testing that could cause or trigger a Denial-of-Service condition.
- Do not attempt to access, modify, or delete information that does not belong to you or your organization.
Reporting Security Issues
To report security issues or problems with any Khoros product or service or website, please follow these simple rules:
- If you are conducting security testing, please follow our Security Testing Policy above.
- Report all issues privately and securely to the Khoros Security team by sending an email to security [at] khoros [dot] com. If possible, please use proper encryption and protection such as SMIME certificates or PGP encryption. Please refer to the Reporting Security Issues section below for additional details.
- Provide full details of the issue including screenshot(s) and/or video(s) and any details to replicate the problem.
- Provide your contact information so the Khoros Information Security team could contact you for clarifications or details.
Note - We currently do not have a bounty or cash reward program for such disclosures.
