a good thing!
Ping Identity values the security researcher community greatly and appreciates those who help us improve the security of our corporate systems, products and services. If you’re a security researcher and have discovered a security vulnerability in any of our systems, products or services, we appreciate your help in disclosing it to us privately and giving us an opportunity to address it before publishing technical details. We will validate, respond to, and address vulnerabilities in support of our commitment to security and privacy.
To that end, we have created a couple of different ways to engage with Ping to report vulnerabilities. First is responsibly disclosing directly to our Security Team by filing a support case. Second, in order to get more eyes on our products and services, we have created a bug bounty program that pays for in-scope vulnerabilities in our products and services.
Responsibly disclose to Ping directly:
This is available for any vulnerabilities, whether in Ping’s products or services, our corporate website (pingidentity.com), or any other Ping infrastructure or systems. Please do not publicly disclose these details outside of this process without explicit permission. In order for us to triage and respond to the report, we ask you include the following information in your report:
Click here to file a support case:
Participating in Ping's Product Bug Bounty:
We are thrilled to announce Ping’s public bug bounty, focused solely on Ping’s product and services. The goal here is to leverage the capabilities of the entire research community and get as many good guys looking for issues as possible. All details of the program, including in-scope systems, bounty amounts, and other rules of engagement are available on the bug bounty program landing page.
Click here to access our bug bounty program.
If you identify a verified security vulnerability in compliance with this responsible disclosure program, Ping Identity commits to:
Certifications & Affiliations