Report a Security Vulnerability
Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are dedicated to keeping your data secure and private. We are committed to adhering to global and industry compliance initiatives. We prepare for incidents, and we help you prepare, respond to, and remediate the consequences of any incidents.
If you discover a security vulnerability in a Splunk product or service, we want to hear it. To help us best route you, please select from the below options.
If you're a Splunk Customer, go to the Support Portal and submit a New Case. If you already submitted through Support, we'll be in touch with you through the Case.
To learn about how Splunk keeps your data secure and private in its offerings and how it deploys Security by Design particularly in hosted services, visit Splunk Protects. For specific information on the Splunk Product Security Policy, see Splunk Product Security Policy.
For vulnerabilities discovered on SignalFx, visit SignalFx's Responsible Disclosure Program. Otherwise, to contact Splunk Security, fill out the submission form after agreeing to the following terms.
Note the below form routes to Splunk Security through the Bugcrowd managed platform, which requires creating an account on Bugcrowd to claim the submission. If you prefer not to use the form, email firstname.lastname@example.org [PGP public key]. Someone will be in touch with you within two business days of receipt of your communication.
Splunk's Responsible Disclosure program does not offer monetary rewards outside of our Private Program on Bugcrowd targeting On-Premise Splunk Enterprise. If you want to join the hunt, email us.