Security Disclosure

 

Professional Security Researchers

Our team of dedicated security professionals work vigilantly to keep customer information secure. We recognize the important role that security researchers and our community play in keeping Palo Alto Networks and our customers secure. If you discover a website or product vulnerability, please notify us using the guidelines below.

To report a Palo Alto Networks’ product specific vulnerability, use: https://securityadvisories.paloaltonetworks.com/Report

To report an application specific vulnerability, email us at SecurityDisclosure@PaloAltoNetworks.com

 

Guidelines for responsible disclosure

Please do

  • Share the security issue with us before making it public on message boards, mailing lists, and other forums.
  • Wait until notified that the vulnerability has been resolved before disclosing it to others. We take the security of our customers very seriously, however some vulnerabilities take longer than others to resolve. There are several teams involved in working on these vulnerabilities depending on the vulnerability and the function being exploited.
  • Provide full details of the security issue including steps to reproduce and the details of the system where the tests were conducted.

Please do not

  • Cause potential or actual damage to Palo Alto Networks users, systems or applications.
  • Use an exploit to view unauthorized data or corrupt data.
  • Requests of compensation for the reporting of security issues either to Palo Alto Networks, or through any external marketplace for vulnerabilities, whether black-market or otherwise.