Safety and data security is a very high priority for the Panther community. If you are a security researcher and have discovered a security vulnerability in our codebase, we would appreciate your help in disclosing it to us in a responsible manner.

Please do not use GitHub issues for security-sensitive communication.

Security issues identified in any of the open-source codebases maintained by Panther Labs or any of our commercial offerings should be reported via email to security@runpanther.io. Panther Labs is committed to working together with researchers and keeping them updated throughout the patching process. Researchers who responsibly report valid security issues will be publicly credited for their efforts (if they so choose).

Coming soon: Details on our bug bounty program.

If you have feedback or suggestions on improving this policy document, please create an issue.