Bug Bounty Program

Liquid Web continuously seeks to protect its hosting environment and offer the best service to its customers. We offer a bounty for reporting security vulnerabilities that substantially impact the integrity and confidentiality of user data in our hosting environment. To be eligible for the bounty, you must be the first to report and use the process outlined below. Liquid Web, in its sole discretion, shall determine whether or not to pay a reward and the amount of the reward.

If you believe you have found security vulnerability in Liquid Web’s hosting environment, please notify us at bugbounty@liquidweb.com and include detailed information as guided by the bulleted list below. When reporting, please respect our customers’ privacy and data.

  • The type of security vulnerability.
  • The product, control panel, or infrastructure that contains the security vulnerability.
  • The impact of the security vulnerability.
  • Step-by-step instructions to reproduce the issue.
  • Impact of the security vulnerability including how it can be exploited.

Once submitted, we will contact you to confirm receipt of your report. As we investigate the security vulnerability, we may also ask you for additional information. If you do not receive a response from us within 72 hours, please follow up to ensure we received your report.

During the investigation into the security vulnerability, we ask that you maintain full confidentiality of the issues and not publicly discuss, imply, or hint at the existence of a such a security vulnerability. Failure to maintain confidentiality will disqualify you from receiving any bounty and disqualify you from future submissions under this program.

Under no circumstances should your testing and reporting of a security vulnerability affect the availability of Liquid Web’s services, violate Liquid Web’s Terms of Service, or disrupt or compromise any data that is not your own. To be eligible for the program, you must not: (i) be a resident of or file a submission from a country against which the United States has issued export sanctions or other trade restrictions (e.g. Cuba, Iran, North Korea, Sudan and Syria), (ii) be employed by Liquid Web, or (iii) be an immediate family member of a person employed by Liquid Web.

We reserve the right to modify the terms of or cancel the program at any time. In addition, this program is void where prohibited by law.