Atmos Pro Logo

Atmos Pro

ProductPricingDocsBlogChangelog
Create Workspace
Back to Legal

Responsible Disclosure

Cloud Posse takes security seriously across our platform and open-source projects. If you believe you've discovered a vulnerability, we encourage you to report it responsibly.

1. Reporting a Vulnerability

Please report any vulnerabilities via email to security@cloudposse.com. We investigate all legitimate reports and strive to respond promptly.

A machine-readable version of this policy is also available at /.well-known/security.txt per RFC 9116.

2. What to Include

To help us assess and respond effectively, please include:

  • A description of the issue and its potential impact
  • Steps to reproduce the issue
  • Any relevant URLs, repositories, or affected components
  • Suggested mitigation, if known

3. What to Expect

  • You'll receive an acknowledgment within 48 hours
  • We'll provide an estimated timeline for resolution
  • We'll notify you once the issue has been addressed

4. Scope

This policy covers:

  • Public websites operated by Cloud Posse (including cloudposse.com, atmos.tools, and atmos-pro.com)
  • Open-source repositories under the cloudposse GitHub organization
  • Infrastructure components directly managed and operated by Cloud Posse, including the Atmos Pro platform

5. Bug Bounties

Cloud Posse does not offer monetary rewards or bug bounties. We maintain a wide array of open-source projects, freely available under permissive licenses. We welcome contributions of all kinds — including security reports — but do not provide financial compensation. This ensures fairness and equality across our community.

6. Responsible Disclosure

We believe in transparency and collaboration with the security community. Researchers who report valid vulnerabilities may be publicly acknowledged at Cloud Posse's discretion.

Thank you for helping keep Cloud Posse and the broader open-source ecosystem safe.

Contact

For security reports: security@cloudposse.com

Last updated: April 17, 2026