Rackspace Technology Security Vulnerability Reporting
We've designed our infrastructure and services for security, to protect our customers and their data. But if you discover a security vulnerability with any of our products, control panels, or other infrastructure, we want to know.
Reporting process
Security issues within our product offerings take a very high priority. We want to work with you to understand the scope of the vulnerability and ensure that we correct the problem fully.
1. Report a vulnerability by notifying us at security@rackspace.com. (If needed, you can encrypt your email using our public PGP key.) Please provide detailed information about the following:
- The product, control panel, or infrastructure involved.
- The steps required to reproduce the issue. Please provide scripts/requests, if possible.
- The impact of the vulnerability and how it can be exploited.
Remember to use discretion when reporting issues and respect our customers’ and users’ data and privacy.
2. Once we receive your report, we will contact you to confirm we have received it. We may also contact you for additional information, as we investigate the issue.
3. Please do not post or share any information about a potential security vulnerability in any public setting until we have researched, responded to, and addressed the reported vulnerability and informed customers, if needed. Our products are complex, and reported security vulnerabilities will take time to investigate, address, and fix.
Security disclosure and notifications
For the protection of our customers, Rackspace Technology does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches, fixes, or releases are available. Rackspace Technology usually distributes security disclosures and notifications through blog posts and customer support portals.
Keeping our community safe
We would like to acknowledge the following people who have responsibly disclosed security vulnerabilities in the past. We will update this list three to four times per year. Thank you for your help in keeping our community safe.
- Tom Maher
- Daksh Patel*
- Koutrouss Naddara
- Kamil Sevi
- Osanda Malith Jayathissa*
- Rodolfo Godalle, Jr.
- Sabari Selvan
- Tikarye Ashish B.
- Gurjant Singh Sadhra
- Ishan Anand
- Jayvardhan Singh
- Ciaran McNally
- Ketan Sirigiri
- Sangeetha Rajesh S
- Scott Glossop
- Yasir Zargar
- Joel Parker Henderson
- Zeel Chavda
- Noman Shaikh
- Rishabh Sharma*
- Shawar Khan
- Zee Shan
- Prial Islam
- Zika Ds
- Piyush Soni
- Macall Salugsugan
- Vineet Kumar
- Andrew Stucki
- Ben Leonard-Lagarde
- Maksym Bendeberia (Websafety Ninja)
- R Atikislam
- Robbie Wiggins
- Salonee Jaiswal
- Pranav Bhandari
- Ken Nevers @k3nundrum (Red Sea Information Security)
- Aman Deep Singh Chawla
- Quang Vu Dinh @vudq16 (NCSC VietNam)
- Varun Gupta
- John Moss (7 Elements)
- Subhasish Mukherjee
- Apoorva Jois
- Pratik Dabhi LinkedIn / Twitter
- K Mohammed Danish Faraz LinkedIn / Twitter
- Ibrahim Saud M LinkedIn / Twitter
- Wesley Kirkland LinkedIn
- Pritam Mukherjee
- Sadik Shaikh
- Yunus Yıldırım
- Shiraz Ali Khan
- Ahmed Salah Abdalhfaz
- Guillermo Gregorio
* Indicates two or more vulnerabilities have been reported
Note: While we sincerely appreciate reports for vulnerabilities of all severity levels, this listing is reserved for people who have reported previously unknown vulnerabilities, which Rackspace Technology has determined to be of a high or critical severity, or in cases where there has been continued research or other contributions made by the person.
Having trouble with an account?
If you’re a Rackspace Technology customer and you’re having difficulty accessing your account, or if you believe your account has been accessed without your authorization, please contact your support team.