If you are an existing Milvus user, Zilliz Cloud customer or partner, please submit a service request for any security vulnerability you believe you have discovered in the Zilliz Cloud product at email@example.com.
If you are not a customer or partner, please email firstname.lastname@example.org with your discovery.
Zilliz highly values and appreciates the members of the research community who find security vulnerabilities and responsibly disclose these to Zilliz so that fixes can be issued to all customers. We have our own roots as an open source software company with the philosophy that open source software should be free to use, integrate and create derivative works regardless of the use case or the user. We develop our software in the open with the help of a global community of developers and contributors with whom we share a common understanding and trust in the free exchange of knowledge.
Zilliz’s policy is to credit and reward all researchers provided they follow responsible disclosure practices:
Our current rewards include but are not limited to:
It is not Zilliz’s policy to provide cash awards for discovered vulnerabilities at this time.
In scope assets for Bug Bounty rewards include Zilliz Cloud and any of our open source distributions such as Milvus and GPTCache. You can sign up for a free Zilliz Cloud account or explore our open source software at https://github.com/milvus-io/milvus.