Professional Security Researchers
Our team of dedicated security professionals works vigilantly to keep customer information secure. We recognize the important role that security researchers and our community play in keeping Palo Alto Networks and our customers secure. If you discover a website or product vulnerability, please notify us using the guidelines below.
To report a vulnerability specific to a Palo Alto Networks’ product, please use: https://securityadvisories.paloaltonetworks.com/Report or email us at PSIRT@PaloAltoNetworks.com. For additional security, you can find our PGP key here.
To report any other vulnerability involving the Palo Alto Networks, email us at SecurityDisclosure@PaloAltoNetworks.com.
Guidelines for Coordinated Vulnerability Disclosure
Palo Alto Networks follows Coordinated Vulnerability Disclosure. When Palo Alto Networks receives a security vulnerability report, we work as quickly as possible to develop an update and release it to our customers, so they can be protected.
We ask the security community to give us an opportunity to fix vulnerabilities before releasing information publicly and to follow the steps below:
- Share the security issue with us before making it public on social media, message boards, mailing lists, conference talks, and other forums.
- Provide full details of the security issue including steps to reproduce and the details of the system where the tests were conducted.
- Wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on the vulnerability and the function being exploited.
- If you are planning to present at a conference, let us know the date as soon as possible.
Please do not
- Cause potential or actual damage to Palo Alto Networks users, systems or applications.
- Use an exploit to view unauthorized data or corrupt data.
- Request compensation for the reporting of security issues either to Palo Alto Networks, or through any external marketplace for vulnerabilities, whether black-market or otherwise.