At Looker, building secure software is our highest priority. While driven to deliver a unique industry-disrupting modern data analytics solution, we never lose sight of our dedication to protecting you from the latest security threats. With that in mind, we hope that if you discover a security vulnerability in our product, you’ll share it with us right away.
We appreciate your help in disclosing security vulnerabilities to us in a responsible manner. We welcome responsible and timely reports of any vulnerabilities discovered in our product or on our website. We will engage with the security community when vulnerabilities are reported to us. We will validate, respond and fix vulnerabilities in accordance with our commitment below. Looker will not initiate legal action against individuals for penetrating or attempting to penetrate our website or platforms, provided they comply with the terms below. Looker reserves all of its legal rights in the event of any noncompliance.
If you happen to find an issue, refrain from accessing or modifying, or attempting to access or modify, data that does not belong to you.
Refrain from executing, or attempt to execute, a Denial of Service (DoS) attack against the product or the website.
Once you have proven that your test steps are accurate and repeatable, refrain from attempting to exploit a discovered issue.
Privately share the details of suspected vulnerabilities with the Looker Security Team by sending an email to firstname.lastname@example.org.
Where possible, encrypt your email message using our public GPG key. (ID: '7959EC1F', Fingerprint: '92EF F690 8BEF D5CA 65C4 1AC6 399C DF34 7959 EC1F')
Please include information to allow us to efficiently reproduce your steps including:
To those individuals who follow our “Responsible Disclosure Policy,” Looker commits to: