Vultr values the contributions made by security research communities who analyze and help solve vulnerabilities in the web ecosystem. Like many of our industry peers, Vultr has chosen a policy to compensate researchers for ethical disclosure of security issues. In an effort to improve the feedback loop for bugs on the Vultr platform, we've added a new bug bounty portal where any discovered security issues can be reported.
How Vultr's bug bounty program works:
1. Identity a security issue in any part of our platform or API.
2. Report it to us here. Include detailed steps to reproduce the bug and attach additional evidence as needed.
3. The report will be reviewed and, if verified, you will be compensated based on the scope and severity of the bug.
In scope sites:
• Injection attacks.
• Authentication or authorization flaws.
• Cross-site scripting.
• Sensitive data exposure.
• Privilege escalation.
Please visit our bug bounty portal for additional program details and up to date information.