Product Security

Product Security Statement

RedLock highly values the work done by security researchers in improving the security of our product. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities. We encourage the community to participate in our responsible reporting process.

Product-related vulnerabilities

Please report product-related issues directly to security@redlock.io, using our GPG key (see below) to encrypt reports containing sensitive information. Please do not contact employees directly or through other channels about a report.

Third-party bugs

If issues reported to our security team affect a third-party library, external project, or another vendor, RedLock reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.

Responsible disclosure guidelines

We will investigate legitimate reports and make every effort to rapidly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you, provided you comply with the following responsible disclosure guidelines:

— Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).

— Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.

— Do not modify or access data that does not belong to you.

— Give RedLock reasonable time to correct the issue before making any information public.

— Do not intentionally violate any other applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorized access to data.

— For the purposes of this policy, you are not authorized to access user data or company data, including (but not limited to) personally identifiable information and data relating to an identified or identifiable natural person.

For the avoidance of doubt

— RedLock considers that a good-faith security researcher who accesses a computer in compliance with this policy has not accessed a computer without authorization or exceeded authorized access under the Computer Fraud and Abuse Act (“CFAA”).

— RedLock will not bring a copyright infringement claim under the Digital Millennium Copyright Act (“DMCA”) against a good-faith security researcher who circumvents a security mechanism, so long as the researcher does not access any other code or binaries.

Out of scope

— Denial-of-service attacks.

Download the RedLock Disclosure Public ASC file.
