Rackspace Security Vulnerability Reporting

We've designed our infrastructure and services for security, to protect our customers and their data. But if you discover a security vulnerability with any of our products, control panels, or other infrastructure, we want to know.

**Reporting process
**

Security issues within our product offerings take a very high priority. We want to work with you to understand the scope of the vulnerability and ensure that we correct the problem fully.

1. Report a vulnerability by notifying us at [email protected]. (If needed, you can encrypt your email using our public PGP key.) Please provide detailed information about the following:

• The product, control panel, or infrastructure involved.
• The steps required to reproduce the issue. Please provide scripts/requests, if possible.
• The impact of the vulnerability and how it can be exploited.

Remember to use discretion when reporting issues and respect our customers’ and users’ data and privacy.

2. Once we receive your report, we will contact you to confirm we have received it. We may also contact you for additional information, as we investigate the issue.

3. Please do not post or share any information about a potential security vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers, if needed. Our products are complex, and reported security vulnerabilities will take time to investigate, address, and fix.

Security disclosure and notifications

For the protection of our customers, Rackspace does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches, fixes, or releases are available. Rackspace usually distributes security disclosures and notifications through blog posts and customer support portals.