Bug Bounty

We’re committed to making Spectro Cloud Palette a safe and secure environment for enterprise Kubernetes, and we follow best practices to secure our development and operations. But we know that no software is perfect, and we welcome the help of the security community to identify potential vulnerabilities in our products and systems through our bug bounty program.

The following description outlines eligibility and scope, how to report vulnerabilities, and other important terms. If you believe you've found a vulnerability, we encourage you to notify us so we can fix the issue quickly.

What we expect from you

What’s in scope?

spectrocloud.com, kairos.io, code on https://github.com/spectrocloud, and the Spectro Cloud Palette product, including our PXK Kubernetes distributions.

What’s out of scope?

Our bug bounty program doesn’t cover:

Honorable mentions:

We would like to thank the following people for contributing to the security of Spectro Cloud: