GPU AI/ML today! NVIDIA A100s & H100s for €2.06/hRead more
Under attack?
EN

Products

Solutions

Pricing

Resources

Partners

Why Gcore

Under attack?
EN
Contact us
Contact us Sign up for free

Security bug bounty program at

Introduction

Gcore S.A., 2-4, rue Edmond Reuter, L-5326 Contern, Luxembourg (“Gcore”, “we”, “us”) welcomes feedback from security researchers and the general public (“reporter”, “you”) to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you via our bug bounty program (“Gcore Bug Bounty Program”) in accordance with this vulnerability disclosure policy. This vulnerability disclosure policy outlines steps for reporting vulnerabilities to us, what we expect, and what you can expect from us.


Systems in Scope


This policy applies to any digital assets owned, operated, or maintained by Gcore, including but not limited to:

• *.gcore.com
• *.gcorelabs.com
• *.gcore.lu
• *.gcore.top
• https://github.com/g-core


Out of Scope


Please note that domains, assets, or other equipment not owned by us are out of scope of Gcore Bug Bounty Program and this policy. Gcore cannot and does not authorize security research on third parties. Vulnerabilities discovered or suspected in out-of-scope systems should be reported to the appropriate vendor or applicable authority. Please find below examples of what is considered as assets not owned by us and therefore out of scope:

• hosting.gcore.com
• kvm.gcore.com
• dci.gcore.com
support.gcore.com (Zendesk portal)
• *.gcdn.co
roadmap.gcore.com
https://meet.gcore.com (and other custom domains on which same "Interactive Video" demo app runs)

Anything not declared as a target or in scope above should be considered out of scope for the purposes of this policy. However, for the avoidance of doubts, below are examples of what is considered out of scope of this policy and not eligible for Gcore Bug Bounty Program:

• Possible vulnerabilities that do not include proof of concept code or a demonstrated exploit
• Third-party websites, systems, platforms, or libraries with new or published vulnerabilities
• DoS/DDoS or any service disruptions
• Physical attacks, social engineering attacks, and phishing attacks of any kind
• Simple, non-XSS content injection
• Descriptive error messages, exposing software version or any "information disclosure"
• Spelling errors, UI and UX bugs

We may still reward anything with significant impact across our entire security posture, so we encourage you to report such bugs via Gcore Bug Bounty Program.

Contact us to get a personalized offer

Tell us about the challenges of your business, and we’ll help you grow in any country in the world.
bugbounty@gcore.com

We provide powerful solutions that will help your business grow globally. Try our superior performance for free.

Convenient cloud services with low latency around the world proven by the largest online businesses.

Made in Luxembourg
Association of the internet industry
World Records Guinness
CDNDNSHostingStreaming PlatformStorageDDoS ProtectionCloudIT Infrastructure Management
AboutReferral ProgramCase StudiesCareersBlogLearningPressLegal Information#SupportUkraine
Status PageAPI DocumentationProduct DocumentationLooking GlassDeveloper ToolsProducts RoadmapHelp Center

Contact

support@gcore.cominfo@gcore.comReport abuse

Sales

+ 352 208 80 507sales@gcore.com

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

MastercardPayPalVisaMastercardVisa Verified

G-Core Labs S.A. © 2015–2024 All rights reserved. Principal place of business and postal address: 2-4, Rue Edmond Reuter, L-5326 Contern, Luxembourg

Made in Luxembourg
Association of the internet industry
World Records Guinness