Skip to main content

Splunk Vulnerability Discosure

Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are dedicated to keeping your data secure and private. We are committed to adhering to global and industry compliance initiatives. We prepare for incidents, and we help you prepare, respond to, and remediate the consequences of any incidents. To learn about how Splunk keeps your data secure and private in its offerings, how it deploys Security by Design particularly in hosted services, and our policies visit Splunk Protects.


If you discover a security vulnerability in a Splunk product or service, we want to hear it. If you're a Splunk Customer, go to the Support Portal and submit a New Case. If you already submitted through Support, we'll be in touch with you through the Case. 


To report a vulnerability to Splunk Security, please fill out the submission form below. If you prefer not to use the form, email prodsec@splunk.com [PGP public key]. Someone will be in touch with you within two business days of receipt of your communication.


The form routes to Splunk Security through the HackerOne managed platform, which requires creating an account on HackerOne to claim the submission. Splunk's Responsible Disclosure program does not offer monetary rewards. By submitting your report, you agree to the Splunk Website Terms & Conditions of Use.