Responsible Reporting
Overview
At Proofpoint our top priority is protecting the way people work today. We value the security research community and encourage responsible reporting of potential security vulnerabilities. Our security team is dedicated to working with you to validate and respond to legitimate reports. If you believe you've identified a potential security vulnerability, please email your discovery to
Contacting Security
Reporting Security Issues
We encourage people who contact Proofpoint Security to use email encryption, using our PGP encryption key:
Encryption Key
Fingerprint 806E 0096 7B5E 6E50 4C6B 083D 88B3 C1DA 8125 69D4
We ask that you do not share or publicize an unresolved vulnerability. If you submit a vulnerability report or other security concern, the Proofpoint security team will use reasonable efforts to:
- Validate the reported vulnerability
- Keep you informed of our progress as we investigate your reported security concern
- Notify you when the vulnerability has been fixed
- Publicly acknowledge your responsible disclosure (unless you prefer anonymity)
If additional information is required in order to validate or reproduce the issue, Proofpoint will work with you to obtain it.
Recognition
Acknowledgement
Proofpoint appreciates every security researcher who submits a vulnerability report which helps us improve our security and that of our customers. We maintain a Hall of Fame to recognize contributors for working with our Security team to resolve these vulnerabilities. If you have reported a vulnerability in the past but do not see your name listed below, please reach out to us at
The individuals and organizations listed in our Hall of Fame have given us permission to publicly acknowledge their efforts.
Hall of Fame
2021
Alexandro Calo
LinkedIn: alexandro
Horizon Security S.r.l.
Chi Tran
LinkedIn: chitd
Muhammad Hassam Arif
LinkedIn: muhammad-hassam-arif-19b790163
Oracle GIS and Oracle Cloud Red Teams
Ruslan Sayfiev
Ierae Security Inc.
2020
Anurag Muley
LinkedIn: ianuragmuley
Bindiya Sardhara
LinkedIn: bindiya-sardhara-24b1a2b4
Branden R. Williams
LinkedIn: bwilliams
Gaurav Ghule
LinkedIn: gaurav-ghule-202aa714a
Gourab Sadhukhan
LinkedIn: gourab-sadhukhan-71158216a
Hammad Saleem
LinkedIn: hammad-s-1071ba1b2
Michael Berryhill
LinkedIn: michael-berryhill
Mohammad Hosein Askari
LinkedIn: mohammadhoseinaskari
Pritam Mukherjee
LinkedIn: pritam-mukherjee-urvil-b75ab9b9
Siddhesh Sonje
LinkedIn: siddhesh-sonje
Virendra Tiwari
LinkedIn: virendratiwari
xer0dayz
XeroSecurity
Twitter: xer0dayz
2019
Garrett White
LinkedIn: gwhitekc
Oumeir Saifedeen
Twitter: oumeirs
LinkedIn: oumeirsaifedeen
Pethuraj M
www.pethuraj.in
Ryan Silver
Manager, Information Security
RoundTower Technologies
Hamed Izadi
LinkedIn: hamedizadi
Pradipta Das
LinkedIn: pradiptad4s
lalka
Twitter: 0x01alka
Johnny Yu
Twitter: straight_blast
Vismit Sudhir Rakhecha (Druk)
LinkedIn: vismit-sudhir-rakhecha-76209523
Yunus Yildirim
Twitter: @Th3Gundy
2018
Raul Jimenez, Cory Thompson, Peter Yu
Texas A&M Rural and Community Health Institute
Ismail Tasdelen
LinkedIn: ismailtasdelen
Vineet Kumar
2017
David Krause
HCA Healthcare
Pal Patel
Facebook: sam.patel.9822
Hanson Nottingham
Cyber Security | Red Team
Blue Shield of California
Guifre Ruiz
Twitter: guifreruiz
Edward Farrell
Mercury Information Security Services
2016
Eusebiu Blindu
Twitter: testalways
Thomas SABONO
Borja Berastegui
2015
Ketankumar B. Godhani
LinkedIn: ketankumargodhani
Henri Salo