Responsible Disclosure
Our Commitment to Security
At Vespa.ai, we take the security of our products and services seriously. We value the contributions of security researchers who help us identify and address potential vulnerabilities. This Responsible Vulnerability Disclosure Program outlines how security researchers can responsibly report potential vulnerabilities to us.
We encourage security researchers to report potential vulnerabilities they discover in our products or services through our dedicated program on Intigriti. We are committed to working with researchers to investigate and address reported vulnerabilities in a timely and responsible manner.
How to Report a Vulnerability
Please submit your vulnerability reports through our Vulnerability Disclosure Program (VDP) in collaboration with Intigriti.
When submitting your report, please include as much detail as possible, including:
- A clear description of the vulnerability
- Steps to reproduce the vulnerability
- Any potential impact of the vulnerability
Bug Bounty
We currently do not have a public bug bounty program. All reports should be made through our VDP. We may award a bonus for any accepted issues. The amount of any award will be based on the quality of the report and the severity of the issue.
Our Commitment to Researchers
We value the contributions of security researchers and are committed to working with them in a responsible and collaborative manner. We will:
- Acknowledge receipt of your report within 3 business days
- Keep you informed of the progress of our investigation
- If you have followed the guidelines and rules of engagement as described above, we will not take any legal action