PagerDuty takes security vulnerabilities and concerns seriously. We encourage our users and members of the security community to privately report possible vulnerabilities and incidents to us so that we can address these issues quickly.
For requests regarding PagerDuty that aren’t urgent, please contact firstname.lastname@example.org.
Reporting Security Problems Directly to PagerDuty
To report a security concern please email us at email@example.com. We’ll keep all information confidential and work with you to make sure we understand the issue and patch it as quickly as possible.
All issues reported to the Security will be investigated promptly.
- We’ll acknowledge your report as soon as we can (usually within 24 hours).
- We’ll investigate the issue fully. We may elect not to disclose any information publicly until the issue is fully understood to mitigate any risk.
- Once the issue is resolved, we’ll alert any affected customers.
If possible, please send the following:
- URL and parameters demonstrating the vulnerability
- Your system’s configuration including any browser or user-agent information
- Exact reproduction steps
- Your IP address and account, to coordinate with our logs
- If the information is sensitive, please encrypt your email with our PGP key from here or here with the fingerprint “EF49 9DFB 8457 B662 0919 D702 B05A 3200 E6E3 F1BE”
- Please do not send any executable attachments
Thanks for working with us.
We respect the talented people that locate web security issues and appreciate the effort to disclose responsibly.