Updated August 1 2022
Groq is committed to securing and protecting our customers and their data. We take measures to proactively safeguard against security risks using industry standard practices. We are committed to addressing security issues in a timely and responsible manner.
We encourage collaboration with the external security researcher community to help us identify and responsibly report security vulnerabilities in Groq products and systems. Groq, in its discretion, may credit or reward security researchers who find verifiable and unique vulnerabilities.
Groq would appreciate the ability to investigate and verify a potential vulnerability, so we ask that you privately report a vulnerability before releasing it to the public. If you would like to report a suspected vulnerability or to find out more about our vulnerability management practices, please email [email protected].
Guidelines for Researchers
We request security researchers to adhere to the following guidelines:
- You are at least 18 years of age, or have a parent’s or legal guardian’s permission prior to reporting.
- You are not a resident of a United States Government embargoed country or on a list of sanctioned individuals.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
- Do not modify or access data that does not belong to you.
- Provide details of an original and previously unreported vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
- Provide Groq reasonable time to correct the issue before making any information public.
Third Party Products
If any reported issue affects a third-party library, external project, or another vendor, Groq reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.
All submissions will be governed by Groq’s Terms and Conditions.