Report a Security Vulnerability
Customers turn to Splunk to understand and improve their security posture. We practice what we preach. We are dedicated to keeping your data secure and private. We are committed to adhering to global and industry compliance initiatives. We prepare for incidents, and we help you prepare, respond to, and remediate the consequences of any incidents.
If you discover a security vulnerability in a Splunk product or service, we want to hear it. To help us best route you, please select from the below options.
If you're a Splunk Customer, go to the Support Portal and submit a New Case. If you already submitted through Support, we'll be in touch with you through the Case.
To learn about how Splunk keeps your data secure and private in its offerings, how it deploys Security by Design particularly in hosted services, and our policies visit Splunk Protects.
To report a vulnerability to Splunk Security, please fill out the submission form below. For vulnerabilities discovered on Splunk Observability Cloud, visit Splunk Observatibility Cloud's Responsible Disclosure Program. If you prefer not to use the form, email email@example.com [PGP public key]. Someone will be in touch with you within two business days of receipt of your communication.
The form routes to Splunk Security through the Bugcrowd managed platform, which requires creating an account on Bugcrowd to claim the submission. Splunk's Responsible Disclosure program does not offer monetary rewards.
By submitting your report, you agree to the Splunk Website Terms & Conditions of Use.