HOWTO: Report a Security Issue to PeeringDB

PeeringDB works hard to keep its systems and data as secure as possible. If you are a security researcher and have discovered a security vulnerability in one of our services, we appreciate your help in disclosing it to us in a responsible manner.

Our responsible disclosure policy is not an invitation to actively hack and potentially disrupt our system and services. We reserve the right to sue researchers for penetrating or attempting to penetrate our systems.

PeeringDB does not permit the following types of security research

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is prohibited:

Scope of the network

The following is in scope:

Exclusions

The following list of issues have already been reported to our Security team, reviewed, and deemed out of scope for the purposes of this program. Please do not report any of the following classes of issues. Unless there are exceptional circumstances or novel attacks, these issues will be rejected:

This is not an exclusive list. If you report a vulnerability that has already been reported by someone else, we will let you know. In that case you are not eligible for our Security Hall of Fame or swag.

What we request from you

What we promise