
Reporting security concerns

Reporting security incidents

:::callout{theme="danger" title="Important"}
If you believe you have an ongoing security incident, immediately contact your Palantir representative. They will be able to page the Palantir Information Security team to assist you.
:::

For routine security issues, you may contact the Palantir Computer Incident Response Team (CIRT) directly. To do so, follow this reporting process:

  • Compile as much technical information as possible, including steps to reproduce and validate the issue.
  • Encrypt the email contents using our GPG key.
  • Notify the Palantir Computer Incident Response Team (CIRT) immediately by emailing cirt@palantir.com. Include the best means of return communication.

Reporting Product Security Vulnerabilities

Palantir customers

If you believe you have identified a security vulnerability, contact your Palantir representative. They will be able to surface any vulnerability concerns you have directly to the Palantir Information Security team.

Alternatively, you may report the vulnerability directly to the Palantir CIRT by encrypted email using the steps outlined in Reporting Security Incidents above.

Bug bounty researchers

Palantir is proud to base our responsible disclosure policy on the disclose.io vulnerability disclosure framework. Security is one of our core tenets at Palantir, and we value the input of security professionals acting in good faith to help us maintain a high standard for the security and privacy of our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.

You may find the full contents of our responsible disclosure policy, including scope and bug bounty rewards, on our HackerOne public bug bounty program page.

To report a potential security issue or vulnerability in our products or infrastructure, follow this reporting process:

  • Compile as much technical information as possible, including steps to reproduce and validate the issue.
  • Open a report on our HackerOne public bug bounty program page.
  • Allow up to five (5) business days for confirmation of the reported issue.

Security concerns

Your representative at Palantir will be happy to discuss any questions or concerns you may have regarding Foundry security. In the event that your question goes beyond their area of expertise, they will coordinate a conversation with Palantir’s security staff regarding the matter.

