Linode
External Program
Submit bugs directly to this organization
Linode
Linode has partnered with HackerOne to operate our private bug bounty and disclosure program. We welcome in-scope vulnerability reports. Linode is committed to the security of its infrastructure and customer's data. Linode security posture has been designed to give customers the foundation to build secure systems and applications. At Linode, we take security very seriously to guarantee the security and confidentiality of both our infrastructure and customer data. Our team strives to quickly remediate vulnerabilities. We request that you follow coordinated disclosure guidelines until we confirm that the issue is fixed, tested and deployed. Please do not discuss any vulnerability outside the program without Linode Security Team consent. We understand you may want to blog about your findings, but please get our permission and allow us to remediate the issue first.
Security researchers who submit valid reports through this program may be eligible for monetary awards. If you have not been invited to our program, please use the Contact Security Team button on this page to submit your report.
Note: Linode is part of Akamai Connected Cloud. Akamai also operates a separate, private bug bounty program for the Akamai CDN.
By participating in this program, you agree to be subject to Akamai’s Security Research Agreement and to follow the Program Rules outlined below.
In general, we ask all hackers to follow HackerOne's disclosure guidelines.
As this is a private program, we further request that you do not discuss this program or any vulnerabilities (even resolved ones) outside of the program without express consent from the Linode Security Team and until we confirm that the issue is fixed, tested, and deployed. After remediation, we are happy to have you share your findings and may at times work with you to e.g., cross-publish particularly interesting vulnerabilities on our blog or link to your work.
Linode is dedicated to providing response and transparent communication throughout the process of investigating and addressing security concerns. Upon reaching out to us, you can expect a personalized response within 48 hours, acknowledging the receipt of your reported vulnerability. Additionally, we will keep you informed of the progress regularly, with updates provided by Linode at least every five US working days. Some reports may require up to 60 days to be remediated after the report is acknowledged, depending on the complexity of the underlying issue. Our commitment is to ensure that you are promptly attended to and well-informed throughout the resolution process.
| Category | Asset |
|---|---|
| Linode Customers | *.linodeusercontent.com |
| Linode Customers | *.linodeobjects.com |
| Linode Customers | *.nodebalancer.linode.com |
| Linode Customers | *.members.linode.com |
If you would like to report a vulnerability or malicious activity in a customer-owned asset, please submit your report to our abuse reporting portal.
As noted above, by participating in this program, you agree to be subject to Akamai’s Security Research Agreement.
We reserve the right to change or modify the terms of this program at any time.
You may not participate in this program if you are a resident or individual located within a country appearing on any U.S. sanctions lists (such as the lists administered by the US Department of the Treasury’s OFAC).
Akamai employees (including former employees that separated from Akamai within the prior 12 months), contingent workers, contractors and their personnel, and consultants, as well as their immediate family members and persons living in the same household, are not eligible to receive bounties or rewards of any kind under the Akamai or Linode Bug Bounty programs.
If you have any questions or feedback on the Akamai Bug Bounty Program, please feel free to reach out to us via email at [email protected].