Vulnerability Disclosure Policy

Vulnerability disclosure philosophy

Talend accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Talend defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.

Security researchers

Talend accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Talend defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.

Overview

Before participating in Talend’s Vulnerability Disclosure Policy, conducting any testing of Talend networks, and prior to submitting a report, you must agree to abide by the terms and conditions found here and at Bugcrowd. Furthermore, at all times during your search and reporting of vulnerabilities, you agree to abide by the Talend Terms of Use, and you agree to have your information processed in accordance with Talend’s Privacy Policy. Failure to abide by the terms and conditions will result in the loss of being considered a security researcher under Talend’s program.

Scope

This policy applies to any digital assets owned, operated, or maintained by Talend, including public facing websites.

Our commitment to researchers

  • Trust. We maintain trust and confidentiality in our professional exchanges with security researchers.
  • Respect. We treat all researchers with respect and recognize your contribution for keeping our customers safe and secure.
  • Transparency. We will work with you to validate and remediate reported vulnerabilities in accordance with our commitment to security and privacy.
  • Common Good. We investigate and remediate issues in a manner consistent with protecting the safety and security of those potentially affected by a reported vulnerability.

What we ask of researchers

  • Trust. We request that you communicate about potential vulnerabilities in a responsible manner, providing sufficient time and information for our team to validate and address potential issues.
  • Respect. We request that researchers make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
  • Common Good. We request that researchers act for the common good, protecting user privacy and security by refraining from publicly disclosing unverified vulnerabilities until our team has had time to validate and address reported issues. Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Talend will deem the submission as noncompliant with this Vulnerability Disclosure Policy.

Vulnerability reporting

Talend recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by Talend (or that would reasonably impact the security of Talend and our users) using the web form below. The Talend Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.