Asset identifier: Any public (Internet-facing) infrastructure owned and operated by Palantir.
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: This is an expansive scope to help you identify security issues in any Internet-facing infrastructure we run.
All domains and subdomains owned and operated by Palantir are included within the scope. These may include, but are not limited to:
* palantir.com
* palantir.tech
* palantir.build
* palantircloud.com
* palantircloud.co.uk
* palantirfoundry.com
* palantirfoundry.co.uk
* palantirfoundry.de
* palantirfoundry.fr
* palantirfoundry.com.au
* palantirgov.com
* foundrygov.com
All assets and services on these, and other Palantir-owned domains (unless otherwise noted as out-of-scope) may be eligible for awards. This may include cloud resources, firewalls, network devices, servers, and other assets or applications.
Integrity requirements:
Max severity: critical
Asset identifier: Any public cloud (e.g. Amazon AWS, Microsoft Azure) resource or infrastructure operated and managed by Palantir.
Asset type: OTHER
Availability requirement:
Confidentiality requirement:
Eligible for bounty: true
Eligible for submissions: true
Instruction: - Public cloud storage accounts. (e.g. AWS S3 buckets, Azure data blobs)
- Public cloud compute servers. (e.g. AWS EC2 instances, Azure Virtual Machines)
