Report a Security Vulnerability

Responsible Reporting


At Proofpoint our top priority is protecting the way people work today. We value the security research community and encourage responsible reporting of potential security vulnerabilities. Our security team is dedicated to working with you to validate and respond to legitimate reports. If you believe you've identified a potential security vulnerability, please email your discovery to

See our latest security advisories

Contacting Security

Reporting Security Issues

We encourage people who contact Proofpoint Security to use email encryption, using our PGP encryption key:

Encryption Key
Fingerprint 806E 0096 7B5E 6E50 4C6B 083D 88B3 C1DA 8125 69D4

We ask that you do not share or publicize an unresolved vulnerability. If you submit a vulnerability report or other security concern, the Proofpoint security team will use reasonable efforts to:

  • Validate the reported vulnerability
  • Keep you informed of our progress as we investigate your reported security concern
  • Notify you when the vulnerability has been fixed
  • Publicly acknowledge your responsible disclosure (unless you prefer anonymity)

If additional information is required in order to validate or reproduce the issue, Proofpoint will work with you to obtain it.



Proofpoint appreciates every security researcher who submits a vulnerability report which helps us improve our security and that of our customers. We maintain a Hall of Fame to recognize contributors for working with our Security team to resolve these vulnerabilities. If you have reported a vulnerability in the past but do not see your name listed below, please reach out to us at

The individuals and organizations listed in our Hall of Fame have given us permission to publicly acknowledge their efforts.

Hall of Fame


Alexandro Calo
LinkedIn: alexandro
Horizon Security S.r.l.

Bradley Shubin

Chi Tran

LinkedIn: chitd

Faizan Ahmad
LinkedIn: faizanwani20

Foysal Ahmed Fahim
LinkedIn: foysal1197

Muhammad Hassam Arif
LinkedIn: muhammad-hassam-arif-19b790163

Oracle GIS and Oracle Cloud Red Teams

Ruslan Sayfiev
Ierae Security Inc.

Tanuj Jane



Anurag Muley

LinkedIn: ianuragmuley

Bindiya Sardhara
LinkedIn: bindiya-sardhara-24b1a2b4

Branden R. Williams
LinkedIn: bwilliams

Gaurav Ghule
LinkedIn: gaurav-ghule-202aa714a

Gourab Sadhukhan
LinkedIn: gourab-sadhukhan-71158216a

Hammad Saleem
LinkedIn: hammad-s-1071ba1b2

Michael Berryhill

LinkedIn: michael-berryhill

Mohammad Hosein Askari
LinkedIn: mohammadhoseinaskari

Pritam Mukherjee

LinkedIn: pritam-mukherjee-urvil-b75ab9b9

Siddhesh Sonje
LinkedIn: siddhesh-sonje

Virendra Tiwari
LinkedIn: virendratiwari

Twitter: xer0dayz


Garrett White

LinkedIn: gwhitekc

Oumeir Saifedeen

Twitter: oumeirs
LinkedIn: oumeirsaifedeen

Pethuraj M

Ryan Silver
Manager, Information Security
RoundTower Technologies

Hamed Izadi

LinkedIn: hamedizadi

Pradipta Das
LinkedIn: pradiptad4s

Twitter: 0x01alka

Johnny Yu

Twitter: straight_blast

Vismit Sudhir Rakhecha (Druk)
LinkedIn: vismit-sudhir-rakhecha-76209523

Yunus Yildirim
Twitter: @Th3Gundy


Raul Jimenez, Cory Thompson, Peter Yu
Texas A&M Rural and Community Health Institute

Ismail Tasdelen
LinkedIn: ismailtasdelen

Vineet Kumar


David Krause
HCA Healthcare

Pal Patel
Facebook: sam.patel.9822

Hanson Nottingham
Cyber Security | Red Team
Blue Shield of California

Guifre Ruiz
Twitter: guifreruiz

Edward Farrell
Mercury Information Security Services


Eusebiu Blindu
Twitter: testalways


Borja Berastegui


Ketankumar B. Godhani
LinkedIn: ketankumargodhani

Henri Salo