Reporting a Vulnerability

Protecting our platform is key to our success. We believe that our collaboration with the security community is essential to maintaining a secure environment for all of our customers. If you discover a potential security vulnerability on or within a Menlo product, service, or application, we strongly encourage you to inform us as quickly as possible. We ask that such vulnerability reports be kept private and that researchers do not make their report public until we have resolved the issue.

Report a Vulnerability Reported Vulnerabilities

How to Report a Vulnerability

You can report potential security issues by sending an email to our security team at security-reporting@menlosecurity.com. We strongly encourage you to utilize the provided Public PGP key for encryption purposes.

We request that you include the following information with your submission:

  • The full URL

  • Steps you took

  • Objects (as filters or entry fields) possibly involved

  • Evidence / Proof of Concept / how to reproduce (include video or screenshots if possible)

  • Risk or exploitability

  • Offering a solution is highly encouraged but not required

When we receive your email, we will send an automatic email as acknowledgment. We will respond with additional emails only if we need further information to help investigate the issue. For the protection of our customers, Menlo Security will not disclose, discuss, or confirm security issues.

Our customers are important partners in the discovery and remediation of security issues. Menlo Security would like to acknowledge the efforts of customers, including GovTech Singapore, who have worked with our security teams in helping increase the security of the Menlo Cloud Security platform.