Be an actor of Cloud security
Security is at the core of Outscale’s business and values.
That’s why our company is fully ISO 27001 certified and our Cloud is designed to meet the requirements of organizations in terms of security. We are constantly looking into new standards to ensure the excellence of our infrastructure and the protection of your data at all times.
Because security is everyone’s concern, Outscale encourages reporting of any security vulnerabilities that you may find:
- Reporting Vulnerabilities and Incidents
- Reporting Suspicious Emails
- Writing a Vulnerability or Incident Report
Want to join our Security team?
We are always looking for new talents! Click here to view our current job openings.
Reporting Vulnerabilities and Incidents
Encounter a vulnerability? That is valuable information that you can share with us through:
- a Bug Bounty program (via Bountyfactory)
- an Outscale support platform (via Zendesk)
- an email address and an anonymous platform (via Zerodisclo)
Help track bugs and improve our services as an independent security researcher.
If you discover a security vulnerability, you can be rewarded financially and gain ranks on the Bug Bounty platform according to a points system.
Want to join in?
Review the terms of our Bug Bounty programs here https://yeswehack.com/programs/outscale
If you are an Outscale customer, you can log in to our support platform to report a vulnerability.
Our teams will respond to every submitted report right away and keep you updated throughout the resolution.
What information to provide?
See our recommendations on how to write a vulnerability or incident report.
You can also report a security vulnerability while remaining anonymous.
How to do it?
Via email at the following address: firstname.lastname@example.org.
Our teams will respond to your report right away.
Zerodisclo guarantees your anonymity through PGP encryption. You can then choose to remain anonymous, or reveal your identity to be contacted or rewarded.
Reporting Suspicious Emails
If you receive an email claiming to be from Outscale and you have doubts about its authenticity, do not hesitate to contact us as this can be a phishing email.
These emails are sent by scammers who try to trick you into revealing personal information by making you open an attachment or click a link.
Never click links contained in those suspicious emails as they may contain a virus.
Wondering if you can trust an email claiming to be from Outscale?
You can use the following form to report it to us:
For more information, see the recommendations from ANSSI, the National Cybersecurity Agency of France (French only).
Writing a Vulnerability or Incident Report
To fix a vulnerability, our teams need all the information you can provide about it.
Check out these sample reports to help you write yours:
|Title||OWASP-A3 Cross-Site Scripting (XSS)|
|Description||A malicious person can cause an XSS vulnerability.|
|Source of the vulnerability||Filtering is not correct: the description section is under the user’s control.|
|Attack scenario||An attacker forges the link and sends it to other users.|
It would be better to filter the beginning of tags more effectively by passing it to the appropriate function.
|Title||Issue with an inaccessible instance|
I have an issue with an instance that I cannot access.
Could you please have a look at this issue?