Security Research Policy

As a security solution provider, ensuring the integrity and security of our solutions is of the highest importance. As the threats facing enterprises rapidly change, investigating and responding to security issues becomes critical. While we realize and plan for emerging threats, new vulnerabilities and endless opportunities to improve, we wholeheartedly believe in embracing the external security research community. We rely on efforts from our internal testing and external security researchers to identify vulnerabilities, and then remediate issues. This process is paramount in further improving the security of both our solutions and our customers. We leverage BugCrowd to proactively engage with their community of vetted external security researchers and receive their vulnerability findings to triage in alignment with our Responsible Disclosure Policy – see below.

Additionally, SailPoint is committed to triaging security findings from the entire community of security researchers. If you are an external researcher you can submit your finding via the Submission Form at the bottom of this page.

If you are a current customer, please report the vulnerability through a customer support request instead of the Submission Form below.

Bug Bounty Program

SailPoint operates an invite-only Bug Bounty Reward Program for eligible researchers where monetary compensation is paid for eligible findings. For more information, refer to the SailPoint Bug Bounty program on the BugCrowd platform.