Broadening Palantir's Bug Bounty Program: Trust, Security, and Transparency

Security, privacy, transparency, and customer trust are pillars of our culture and business disposition.

Continuing our investment in these values, we are excited to announce the expansion of our public bug bounty program for Palantir’s software and infrastructure. We are partnering with HackerOne to encourage security professionals around the world to help us maintain the highest standard of security and privacy for our users and their data.

Effective today, our HackerOne bug bounty program will handle all reports for any security issue or defect on Palantir-operated infrastructure or applications. As the year progresses, we plan to invite members of the HackerOne platform to private programs that will grant them authenticated access to Palantir Foundry and Palantir Apollo for responsible security testing.

We are adding new commitments to our disclosure policies and re-affirming others:

• Publicly disclosing and publishing common vulnerabilities and exposures (CVEs) for all material security defects identified in our supported software products. We will endeavor to publicly disclose issues no more than 30 days after an issue has been identified, fixed, and communicated to our customers.
• Publicly disclosing all reported and resolved HackerOne security reports for our infrastructure or products.
• Maintaining the highest degree of transparency and communication regarding any material security issues or incidents that may adversely impact Palantir, our customers, or their data.
• Continuing our deep investment and innovation in security and privacy controls within our products, our organization, and partnership with the broader industry.

During these times of heightened global turmoil and insecurity, our customers rely on our software products more than ever. We are up to the challenge.

To learn about Palantir’s InfoSec team, visit our website or view our open positions.