Be an actor of Cloud security
Security is at the core of 3DS OUTSCALE’s business and values.
That’s why our company is fully ISO 27001 certified and our Cloud is designed to meet the requirements of organizations in terms of security. We are constantly looking into new standards to ensure the excellence of our infrastructure and the protection of your data at all times.
Because security is everyone’s concern, 3DS OUTSCALE encourages reporting of any security vulnerabilities that you may find:
- Reporting Vulnerabilities and Incidents
- Reporting Suspicious Emails
- Writing a Vulnerability or Incident Report
Want to join our Security team?
We are always looking for new talent! Click here to view our current job openings.
Reporting Vulnerabilities and Incidents
Encounter a vulnerability? That is valuable information that you can share with us through:
- a Bug Bounty program (via YesWeHack)
- a 3DS OUTSCALE support platform (via Zendesk)
- an email address and an anonymous platform (via Zerodisclo)
BUG BOUNTY
Help track bugs and improve our services as an independent security researcher.
If you discover a security vulnerability, you can be rewarded financially and gain ranks on the Bug Bounty platform according to a points system.
Want to join in?
Review the terms of our Bug Bounty programs here: https://yeswehack.com/programs/outscale
SUPPORT
If you are a 3DS OUTSCALE customer, you can log in to our support platform to report a vulnerability.
Our teams will respond to every submitted report right away and keep you updated throughout the resolution.
What information to provide?
See our recommendations on how to write a vulnerability or incident report.
ANONYMOUS
You can also report a security vulnerability while remaining anonymous.
How to do it?
Via email at the following address: bugbounty@outscale.com.
Our teams will respond to your report right away.
Via the Zerodisclo anonymous platform with YesWeHack.
Zerodisclo guarantees your anonymity through PGP encryption. You can then choose to remain anonymous, or reveal your identity to be contacted or rewarded.
Reporting Suspicious Emails
If you receive an email claiming to be from 3DS OUTSCALE and you have doubts about its authenticity, do not hesitate to contact us, as it may be a phishing email.
These emails are sent by scammers who try to trick you into revealing personal information by making you open an attachment or click a link.
Never click links contained in those suspicious emails as they may contain a virus.
Wondering if you can trust an email claiming to be from 3DS OUTSCALE?
You can use the following form to report it to us:
For more information, see the recommendations from ANSSI, the National Cybersecurity Agency of France (French only).
Writing a Vulnerability or Incident Report
To fix a vulnerability, our teams need all the information you can provide about it.
Check out these sample reports to help you write yours:
Vulnerability report
Title | OWASP-A3 Cross-Site Scripting (XSS) |
Description | A malicious person can cause an XSS vulnerability. |
Source of the vulnerability | Filtering is not correct: the description section is under the user’s control. |
Reproduction (PoC) | |
Attack scenario | An attacker forges the link and sends it to other users. |
Recommendations | It would be better to filter the beginning of tags more effectively by passing it to the appropriate function. |
Endpoint (URL) | https://cockpit-eu-west-2.outscale.com/login/ |
Attachments | Xss.png |
Incident report
Title | Issue with an inaccessible instance |
Endpoint (URL) | https://cockpit-eu-west-2.outscale.com/login/ |
Description | I have an issue with an instance that I cannot access. Could you please have a look at this issue? |
Attachments | screenshot.png |