Responsible disclosure policy

Percona RDBA aims to provide "best in class" security for all our services. To that end, we provide the following responsible disclosure policy for security researchers and whitehats alike.


Responsible Testing


Percona RDBA reserves all legal rights in the event of non-compliance with the following guidelines.

  • You may test only against an Account for which you are the owner.
  • Prohibited testing list
    • All types of Denial of Service attacks.
    • Fuzzing without prior authorization from Percona RDBA.
    • Knowingly uploading/distributing malicious payloads (e.g. browser exploitation, request redirection, phishing, etc.).
    • Testing which would yield unauthorized junk mail, spam, phishing and all other unsolicited mail.
    • Testing from any country under U.S. sanctions (e.g. North Korea, Libya, Cuba, etc.).
    • Testing which would degrade the performance, reliability and/or availability of services.
      • If you have a legitimate test case, please contact us.
    • Targeting individuals (e.g. phishing, spear phishing, social engineering, man in the middle, malicious HID devices, etc.).

Reporting


Reports should be sent to remotedba@percona.com; we'll work with you to ensure we fully understand the scope of the issue reported and that it is addressed in a timely manner.
If you wish to send us an encrypted email, please use our public GPG key.


Thank You!


Thank you for your help with keeping our services secure. We sincerely appreciate your time and effort.