Responsible Disclosure Program

OpsLevel welcomes and encourages security research reports regarding vulnerabilities with our systems. We do not prosecute people who discover and report vulnerabilities to us responsibly and according to the below guidelines. We treat all reports seriously and with high priority.

Guidelines

  • Please avoid any privacy violations, degradations and disruption to our production systems during your testing. This includes any activity that has an impact to the availability of our systems, including the use of vulnerability scanning tools.
  • Do not attempt to brute-force or spam our systems.
  • Never exploit a vulnerability you discover to view data or alter data without authorization.
  • Please keep information disclosed confidential between yourself and OpsLevel, until we resolve the issue. We will make our best efforts to fix issues in a short timeframe.

Scope

The following are not in scope as part of our Responsible Disclosure Program:

Vulnerability Submissions

Please report any security issues you find to security@opslevel.com. If your submission contains any sensitive vulnerability information, please encrypt it using our PGP public key at the bottom of this page.

Please include the following in your submission:

  • Your name and contact information
  • Company name (if applicable)
  • A detailed description of the potential vulnerability
  • Exact steps to reproduce the issue, including any associated URL and parameters demonstrating the vulnerability.
  • Any relevant details of your system’s configuration, such as any browser or user-agent information.
  • Your IP address and OpsLevel account, to coordinate with our logs.

Reward

A reward may be awarded after verifying that the vulnerability is reproducible, unique, and has an impact to our customers. Each submission will be evaluated case-by-case. The decision and amount of the reward will be at our discretion.

Thank You

We want to make sure to sincerely thank you for your disclosing responsibly and working with us improve our security. We understand the work and talent you've put into finding these issues and appreciate you reaching out to us.

Our PGP Key

If you are submitting sensitive vulnerability information or wish to communicate with us privately about your concern, you can use the following PGP key to encrypt your message to us.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENBF5oWwgBCAC+RkY0+/XAluJoQpgun0ztgDWIGWIzOT+70rwReVBdTK4Z40x8
gWPYwvRbLCYmgFXC6EH6JdzqmIlhBIimIm7SC0ThkPOvr6dNgDMdSuV1s2SHB2xg
3UwYVfIhrVJnFF3JApFXSJ7wfpP17d1nV2VK+RbkvdlCMWUckH+dlrzgzQCZhT1g
5sU/0U0GoAI4OwSkRXRszd1dmtoyQUOhLyFoc8YbHaHtr1w6HfGX4ACnU/zHaxQX
ZMGBFc0yVyF1H2ZRgEnWUF4aEsPRPeFnJVB1S+Q2OUJBwhbHh4Mf2ipLFHGCwuEg
N2KjmJUbDMex/UXCxlNqaGlPZLy5sN69G6WDABEBAAG0IkpvaG4gTGFiYW4gPHNl
Y3VyaXR5QG9wc2xldmVsLmNvbT6JAU4EEwEIADgWIQQx8jDZmPki7RTCJ797VxMO
nU+I0gUCXmhbCAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRB7VxMOnU+I
0iVBB/9UXn5nv4q5LlIC6RKjTUCCkAv65LXTAbszkLIXmq7rolWuoC5OheM1dcsy
2+HeKh59tsW/7APLvejOs1d73YsJcPG+uyXpXAltv/RBHUaCiabicFm7O4S1UIY1
fsnpqRSJf6kbm+CSv1/Kjv2mjEQec2c4FXvEcfX6vSFouoUSG8D1pHmsWqHFgTDI
puhANmjUbNF7mPY/bCnFelklGtC/yK3dEDV9Y4WAU73dmIV1j/MTG2JGKh4Px36l
aNo4dW2KXJ/RkiADMK2X2XHejQNqo6MytNhPCLP1RIFjsdCkjxxyDcBhiHXjhzT/
OypmKfE4S5+tcWFx5z/IwUunki6zuQENBF5oWwgBCACnA2X9lVp1+u0+ntBvspXn
YCCkzGvv2OmvL/TyXulvdAV2rvNC3lIJNN5gbBZ650kjVyd8jd5rrKzR5vPqJXHm
NkzlaBISh21yyrFEfmbvXh4sDlAmOOXd+zRsl+wPLtKxMEMwxqnyZIlIHePYu/0c
blHQT/P82upqcA49ywMp0n3EoS/j/ErHJJupbxr5mWRlBjMGf1JbOnkA0MnGOAD2
mEVmT3jadjgcdfsjDMkTi9Wfnx8C9wnv4ZehD4fcsfQE032ZhYB1+Gi+4ABHV7V+
4DsDeU5iwbrpHVuQJn3Cnt5+Egj9sNHHA/fu7f+E7MY1CQJTIZC+BbiU7KzRqejT
ABEBAAGJATYEGAEIACAWIQQx8jDZmPki7RTCJ797VxMOnU+I0gUCXmhbCAIbDAAK
CRB7VxMOnU+I0sZ3CACTr3aT5V8VToVRiGiXVWDTI/fhO/ANXnk6SVX1tlKlmURu
4B6wVtDLEp92jK5Zf+FGB1f7VbEVrlTD42qTE3THWe9U9rJZJoDd8JAUkTxwzZl8
Onh5q7YE0wZ9gKo9oljMQ/HorTYJWP46st1drAiqTsVwwZddn5HLJm8DSLlTqzcY
ZnympK9GU5NK0ubm/4wvajdYsbYJZ9nvsMyz4YZWp5sipIQwq6nsvuUW6D5FT0DV
n/Zp+3N5HsVTI7JqqxogecKhRCIR1yHpiuH4WfL9B3sdHmUYqgHtzGprd2CXzsZA
E/GQ2a0CfCyttEc4qSBFbQr5l2VAWLvrBRFlxmmw
=vzKS
-----END PGP PUBLIC KEY BLOCK-----