Bug Bounty Program

We’re committed to making Spectro Cloud Palette a safe and secure environment for enterprise Kubernetes, and we follow best practices to secure our development and operations. But we know that no software is perfect, and we welcome the help of the security community to identify potential vulnerabilities in our products and systems through our bug bounty program (the “Program”).

The following description outlines eligibility and scope, how to report vulnerabilities, and other important terms. If you believe you've found a vulnerability, we encourage you to notify us so we can fix the issue quickly.

What we expect from you

What’s in scope?

spectrocloud.com, kairos.io, code on https://github.com/spectrocloud, and the Spectro Cloud Palette product, including our PXK Kubernetes distributions.

What’s out of scope?

Our bug bounty program doesn’t cover:

Additional Terms and Conditions

Australia
Austria
Belgium
Botswana
Bulgaria
Canada
Chile
China
Colombia*
(The bank must be Bancolombia)
Costa Rica
Croatia
Cyprus
Czech Republic
Denmark
Egypt
Estonia
Finland
France
Georgia
Germany
Ghana
Greece
Hong Kong
Hungary
India
Indonesia
Ireland
Italy
Japan
Kenya
Latvia
Liechtenstein
Lithuania
Luxembourg
Malaysia
Malta
Mexico
Monaco
Morocco
Nepal
Netherlands
New Zealand
Norway
Philippines
Poland
Portugal
Romania
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sri Lanka
Sweden
Switzerland
Thailand
Turkey
Ukraine
United Arab Emirates (UAE)*
(The account address cannot be in Israel)
United Kingdom
Uruguay
Vietnam

Honorable mentions:

We would like to thank the following people for contributing to the security of Spectro Cloud: