How to Report a Vulnerability

At Looker, building secure software is our highest priority. While driven to deliver a unique industry-disrupting modern data analytics solution, we never lose sight of our dedication to protecting you from the latest security threats. With that in mind, we hope that if you discover a security vulnerability in our product, you’ll share it with us right away.

We appreciate your help in disclosing security vulnerabilities to us in a responsible manner. We welcome responsible and timely reports of any vulnerabilities discovered in our product or on our website. We will engage with the security community when vulnerabilities are reported to us. We will validate, respond and fix vulnerabilities in accordance with our commitment below. Looker will not initiate legal action against individuals for penetrating or attempting to penetrate our website or platforms, provided they comply with the terms below. Looker reserves all of its legal rights in the event of any noncompliance.


Identification

If you happen to find an issue, refrain from accessing or modifying, or attempting to access or modify, data that does not belong to you.

Refrain from executing, or attempt to execute, a Denial of Service (DoS) attack against the product or the website.

Once you have proven that your test steps are accurate and repeatable, refrain from attempting to exploit a discovered issue.

Reporting

Privately share the details of suspected vulnerabilities with the Looker Security Team by sending an email to security@looker.com.

Where possible, encrypt your email message using our public GPG key. (ID: '7959EC1F', Fingerprint: '92EF F690 8BEF D5CA 65C4 1AC6 399C DF34 7959 EC1F')

Please include information to allow us to efficiently reproduce your steps including:

  • Your Internet browser flavor and version
  • The steps necessary to reproduce the vulnerability including any specific settings that must be configured on the target to allow the vulnerability to be exploited
  • A copy of the HTML source code following your successful test

Our Commitment

To those individuals who follow our “Responsible Disclosure Policy,” Looker commits to:

  • Promptly acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability
  • Notify you when the vulnerability is fixed
  • Acknowledge your help and reward you for identifying the issue!

Love your Analytics

Business intelligence, big data analytics, or a 360 view of your customers. Whatever you need, Looker can help. Talk to our data experts.

Request a Demo