Responsible Disclosure Policy

Ouster Responsible Disclosure Policy

Security is a top priority for Ouster, we believe that working with skilled security researchers can identify vulnerabilities in any technology. If you believe you’ve found a security vulnerability in Ouster’s products or services, please notify us.

Disclosure Policy Policy Exclusions

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@ouster.io.


  • In your email please provide sufficient information, so that we may understand your discovery.

  • We will acknowledge your email within one week.

  • Please provide us with a reasonable amount of time to review and if appropriate to resolve the potential vulnerability before disclosing it to the public or a third party.

  • We request that you make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Ouster product or service. Please only interact with accounts that you own or for which you have explicit written permission from the account holder.

Policy Exclusions


When Ouster provides its products and services, it strives to ensure a safe and secure environment for all of its users. As such, any users who are engaging, or are believed to be engaging, in the activities noted below will have their user credentials immediately deactivated.

Prohibited activities:

  • Attacking any Ouster hardware that is in production

  • Denial-of-Service (DoS)

  • Spamming

  • Social engineering or phishing of Ouster employees or contractors

  • Any attacks against Ouster’s physical property or data centers


This policy as well as the policy exclusions apply to all Ouster products and services. Thank you for helping to keep Ouster and our users safe!

Contact

Ouster is always open to feedback, questions and suggestions. If you would like to talk to us, please email us at security@ouster.io