Vulnerability Reporting Policy

Report a Security Vulnerability

At Box our top priority is the safety, security and control of our customers' data. To excel at this, we welcome the vital role that security researchers play in keeping systems and data safe. To encourage the responsible reporting of potential security vulnerabilities, the Box security team has committed to working with the community to verify, reproduce and respond to legitimate reports.

 

 

If you believe you've identified a potential security vulnerability, please report it to us right away. We will investigate all legitimate reports and do our best to quickly address the problems.

 

 

 

 

Responsible Disclosure Guidelines

 

 

 

 

To encourage responsible disclosure, Box will not initiate any legal action against security researchers as long as they adhere to the following guidelines:

 

 

 

 

  • Notify Box and provide all details of the vulnerability before making any information public.
  • Provide Box a reasonable amount of time to address the issue before making information public.
  • Provide all details of the vulnerability to support validation and reproduction of the issue.
  • Make a good faith effort to avoid data destruction, theft, privacy violations and interruption or degradation of our service.

 

 

 

 

Please email your report to security-reports@box.com. We strongly encourage all report emails to be encrypted with our PGP key below.

 

 


 

 

 

-----BEGIN PGP PUBLIC KEY BLOCK-----

Version: GnuPG v1.4.12 (Darwin)

 

mQINBFC/qoQBEACtOfQkulwo79lx5eQfIXtSqZDF228gBeQ1KZYitq4sTBDwjSs7 dl68Jvrmoln1fctG4GEnh7CW3QfK4HqmOfognIOi87Hqusj/38k5ipegQ9x8P5tf DowulrZ1V+sNWNBd/YwjREMWpberMCZVjxIgmaLErVUDWMZzjzZnttSDZIb1l+1u 14KTINF1LYFIbAHLudheQtGGFnLt0FNTvGs8qeAVhds8EBfaVdQd8zhJH6ET+T9o QTO+E3zmMSkshlQDm1O/83fyGdccN+2OfLeYt1woPyBFlmh2MdHNmqUG6o+kRjMV HUZNKLFeVSfwJgq1R9PvcsthdPfNjRnqcDbVcRDSKgthQGRYI/t70hivgvBboMkm tNIgw9485NeRlwFkCvopdYfbolkUVq85sdlYr4WGhUjyciKBz27k0WyaI9dLUoDy NmwNJXs4vbczkARA2sUX56fXKwpGHRHu6M22+OG4/JUYF4Vp3ufxJNhlKT+/vmGK dwa0KLzXKZnZnP/gYlzndH0E9Zkzv+pm02ytlkzNYnot0o17ImE+ugcBUYTfNvld 3QmWKB2AzFP2slzIfwJ7ScRroua84vhRkXwKyiEphWdT5K7lVHKjGsSYCu+EnyQ2 zufd8yqpcQDPMc1P03mkOGZCEOO2hENIOMaP/PXU1oQT4BObBoJLV/6lpQARAQAB tC9Cb3ggU2VjdXJpdHkgUmVwb3J0cyA8c2VjdXJpdHktcmVwb3J0c0Bib3guY29t PokCPgQTAQIAKAUCUL+qhAIbAwUJAeEzgAYLCQgHAwIGFQgCCQoLBBYCAwECHgEC F4AACgkQoPuYIgVSMJOtkA/8CFMiC9Z2zHSaeZZQSEfilA2tDHhMJCXU2kNi0tMT 8qkEFg+BfmB9QdxMFIE6LbP857PHUzr/Bmq3lcCbwpECavsn7L+z2nj87Jo0/fJ+ AR3A9El1fs/52fiZ/seaDANGnEnPtVwUaMvRGpg8WyH0UkjkXcrXjPp3I5dbiLn4 cH9qkUfy9z4j9P3cg7dbgm9YlVjN0thMV7hvX03CkZD6c1CJFEBktJyMDqD1euMm x3oDyu3XZhuMXxZm/z9DST5ex5UB9L8SLbWT9iOqLxqUz/14NrsKoAbI2R7AXpx/ cDMukHjOGo9+KcqPfMPMbBVTgS1Vjoa1luAYOIM9FmgNGny/VdMAc7UH5D8eNCdS hnjW8ANJIwZnjzqqr7MzlUJhCPBSzWeeK5lE6RLmNBWLV7fjNEVDITh+O8agkuQe VVejak5HMWQ9ZjxzCkyZ9HnZLgxqOmltUN+oYPboE2AGaSgzo4X8mKGq/LBV5m76 E045OSQ+eHXeHqpVG+fLYNxcM8mhchr57ySH8Z4msoI2orIJoZTp6ZAQj87jSol9 5Rg4JpnPs+bBpqFBu2TfxeF8g/7d8/hG41oeIsO4pEFgM7Art0s04D/OiZsGXkz0 oQ7d9Ax5k0l7CWOVV3ed1PRy+4J0sW2G/UjMdz1D7Ht/2UF8xCDrL7aopTnQ/7J2 9gC5Ag0EUL+qhAEQALXwvnL986amiEE2HLoypfhdyp93ZXJUree9KO9NFqvkt1cO FinCRdEdcgy3Xb/NXthFh/ceJARqesLJNbWlYiK20CZ3SRXnNA2YOzwKFKIvyo3/ eemgfVtG2UrZpmV6CpvxMRtYAYWQJuDSIlcoaODozhkQ50q+2Pf4Yobp10cE9cRx AcMSS0PTR5VTuH47D0onXFKniM7KAuBGVdzb4YA2iXlqHWKHQ7ai//dhoGug51k8 KVKlzeKgX9uTtWXYsAegf9374MWKw0Gj/N6nqmCa3p00MH5o6u5protm2VzZTkCD 7u+AXAZJ/M9YmwDzxhQAGzAWBLIxlyelkgbr/tDVp60t4mcQc6nxQTxnnsp0SAjP 95TziVZKcGDdFJYN8jgbwy3dNfs+d91oVOcj0MqViy+qKiIGDIJo97/oXBQM/S9I mnEiC7KoIjYgfhvYA7aCmgRPIwbcQz6h3pWp7qDdn2hJF/CD4OwuG+7S1TDP/quH mmfprHnyoFc3a13mqIyYVYDwBsFkLx4B1yHM2vTNvtHkTYXoAS9QiWNMdUi5Gsvg hBXrfRSTUMgiVN3v3rHu/PQR6eV7LQuX9X29CgnHy5OH+RkztWA7pUENmpGeuLVO qFDRxBSqLXfE4uNKzko+fQ4I/246FRGGwhWfKOqHISX364k2TtT8w/R1YPXZABEB AAGJAiUEGAECAA8FAlC/qoQCGwwFCQHhM4AACgkQoPuYIgVSMJMdrw//fEBRkd7g 6IprlQlpMZoHuVH3uZSZnZFRbUS2iI8ToQ1qKs33lQuKNN790ydbuQuzBUG9BqrY +JM1Qya6JI8zu/tdIuj9djgczXbfP/hQxxS/b5mC75E0hU5rMbM1p4E05bi4pnqG 6YuYu0DesRQnVg6WXe7SdrPcfQn2A1KKE6AtDrm+02GIokRQ2HEjI83pR+ucmzmE FSqut+UC9Q67EA0CKIBMPGu1mIvwqomG7Nb5DEgWGplql36SdWePIjXekoiifUzO ZYP6nzQqQeA7+9KLNUpw6PdDLoJ1hEi55RADkorZGk3Dh2y5icnGxueGBzbsFs1s l7MP9JGX1Bb1xeDzR+uTZ4KpZPvp4j9c4wueu+yNBC3ItHSyCF6FaWHRNCFi1uiX oBMe/wIyyPfTX/5MxK5n0CFIhJoamvjFoTpgx0Oxa5ZqFFTcprljg2Tx5mmgMjWF PCdQXchR5H/eeFzYSdnbrIALDCrr1YXH1vdzIdlFTrqWujIU1vb52BXbzSFLig0Q DEpSZC/UAH9TYGngP1SZ3/UTd/yXpzumF8tcbt8e0j9cD32C3i5vzRcRy6iZbZk3 CZzczi4DkQNs+XPghyKGFX07axlf9ze8Cz8Lceil6U7AAUgbrMLSFtbvugaN+4mX JkqpRJ4PKxHUlyIsiIWG1i51WARaheV6fGA= =XM19

 

-----END PGP PUBLIC KEY BLOCK-----