Responsible Disclosure Policy

Illumio cares deeply about maintaining the trust and confidence that our customers place in us, and we believe that engaging the community to improve the security of our products and services is foundational to that trust. If you are a security researcher and have discovered a security vulnerability in one of our products or services, we would appreciate your help in disclosing it to us in a responsible manner. Illumio endeavors to engage with security researchers when vulnerabilities are reported to us in accordance with our Responsible Disclosure Policy. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against those who discover and report security vulnerabilities in accordance with our Responsible Disclosure Policy and the Synack Terms of Service. Illumio reserves all legal rights in the event of any noncompliance.

We encourage security researchers to share the details of any suspected vulnerabilities with the Illumio Information Security Team by providing the information in the form below. Illumio will review the submission to determine if the finding is valid and has not been previously reported. At Illumio’s discretion, you may be eligible for compensation for your efforts.