Product Security
RStudio values the security of its products and customers; we appreciate contributions from the security community to further enhance the security of our software.
We ask that you follow these responsible disclosure guidelines:
To encourage responsible disclosure, we commit that we will not take legal action against you nor ask law enforcement to investigate if we determine that you have complied with the above responsible disclosure guidelines.
If you believe you have discovered a vulnerability in one of our products, please contact us immediately so that we may resolve the issue as quickly as possible. You may email the details of the vulnerability to security@rstudio.com. Please include the following information:
Please include as much information as possible. If we cannot reproduce the exploit with the information provided, we will be unable to proceed further.
We will attempt to respond to all reports within 3 business days however the time to research the issue may be longer. Depending on the outcome, detailed results of the investigation may not be made available until a fix is released.
If you have received a vulnerability assessment or penetration test report for your installed instance of an RStudio product and would like RStudio to comment, please please submit a support ticket at https://support.rstudio.com/ and include the following information:
Please include as much information as possible. If we cannot reproduce the exploit with the information provided, we will be unable to proceed further. Turnaround time is typically two weeks but may be longer due to volume.
Potential customers: Please work with your sales representative to coordinate completion of the questionnaire. A security non-disclosure agreement may be required.
Existing customers: If your organization requires a product security questionnaire to be completed by RStudio, please submit a support ticket at https://support.rstudio.com/ and include the following information:
Please ensure the questionnaire is appropriate for the type of product. For example, a SaaS or cloud-based questionnaire is not applicable to on-premise software. Turnaround time is typically two weeks but may be longer due to volume.
Unfortunately at this time we are unable to complete security questionnaires for open-source products or shinyapps.io.
RStudio does not offer a Bug Bounty program.
If you would like to encrypt your email to us, our PGP key is available below. If you encrypt your email, please include your PGP public key in your message or else the reply.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: SKS 1.1.5 mQINBFmUu44BEAC54GaTQpKBnJKP1DkWV32HdW3hLaSqNQEfAKuu67CsdWQFUZw28psTcQvP Ek0Nf8xof/2V49fqQ4RKbJgDkSU3s/vJh/WTfFFubkCVRZGM8KuOrQSuyb5S+wnEYJUZQ2yB kE+430HjF906lzcBua8/WzUQV5FuTDD5nG2j3ZRX7kjQg8AULIjKdBf7Kh6bQyoHPJFPeQMz +8/tu8gd0srvuc5hoaxF+nwyb3ObnStF8wBLx4rskSjW5S2wAPEMy64xfk02dxQf66n6JwbY llWF0yNw5Lv9sJFgHsGCaDLi+38eOaaNrOQ0zDOOsgZAyKwxccl40KWbghzuTNo0e+AzKQVH GHB0jlUteBl1TM4ZRophWn54/hA567IwUydMZgfRZMJ6/H58k+zYSh+LaIyfQ4HAtptJc3tm NlE8Pt4skZvYfOvkEv/GMUsUpCVLXPYXbeIOuaGdkSt49U+BZfMR8Id8w0oQrY4wcVH9H4pu ojVuo9O/91KVVlLlNzYE8RigWT16g4JJ/vDYCafXjDs1zta5XemF8sMfM5nrvqYrOzyPVvYD XrnvExJPeDSQTblY0dkNPZcG2deypa4isdXC47mKmVof2UQ64GvLDqZ23WPT+BeIZcZ7fpGY eMPyvRG4czb9fW0Bdj5Ptki8fn6iA5qRAsZAIY4BAMdcCc8M/QARAQABtDFSU3R1ZGlvIFZ1 bG5lcmFiaWxpdHkgPHZ1bG5lcmFiaWxpdHlAcnN0dWRpby5jb20+iQI5BBMBCAAjBQJZlLuO AhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQYerLdNnz7GLgOBAAs6awdkmOSM2/ xV7bIpsliFrZQekFtcT+NPEUKy4vSmdYVqTRvFVTlPrUAha+K3sjDuaV4Zrf7vIfhN+5PNWy Hguhv7s+jhN5iOIii+3AUvqMY/vLjZyK8Df9N7ZKa3OfMXMqIQYu4oG+ySfcqeYij8ShyqwV JYB/Qrn2jwlV96BfVfsqvAcnc790KfR3Um7ef03o8HdkY1EWA3XH9uMn9mdB5hZTihLEdM/P orb6fSKA2+8YUCaNiXPy2m8sg4oEu87vQ1XA7sLz18HsNJMmMLOqtctQAM4evWuoUIwh57lp NMGPxwdAsBrOHKwJYuI6majs8TZnQ18Q3OdZ6JriwncFs6W87n5cRfKERtja7WFlxouS2dXe vts+YSrOXB7sD3Qy4UtaK2Va+5VhpOmCPKOOOn59du51AkIYbjG0gvc02RhzYgcy2covweDx 3jkDcP1an2ULydcuX9mOK0INRP2eveCQE4t35Wgc5BgVegLucdcqcbz7kDg6WiR0xvhrbnWf bXtpkXG5U6xbIuc/TALAT6njtJ/ruRCezh0+jQ00fPwxMqWzuXb3eLqpRij/F0KTg8eHtZ4/ qIj7cAiuucCsmSQ/HbqsBZDgHeK610gbltJy9g5qV4rqIVC02UjHqfpI2E1dJbXcWRXV8WmE 6WSXV3dWE9WJUsdWS3Zk7ZW5Ag0EWZS7jgEQAM72NxacSDshaA9aQ0FgNvqYbWJXJ4CTr4Wr eKyJmrY/X6J5BwufUEHN3w/tQQtSw36S2sxafGmkE2/asXwvAY4bm8n0HX9zq/szlJnprinb qFVVatkQjf2iQRdo9tbGdYJpeFm+PTCEUI4/aiapESkT0KlUu8O0kYmbL67caNAe/DyPBBP8 ifPtzwZq5cXLIsyqHgHruh2DYajoBIkO7G/0woEcnytF8KbndT9Zds+0+XXCBZD0vRnOQ61U Z3GdlD/45hp7GelajiDumv7BQCKy2dAkths5vvw4cricvRHGvp72rAsg2sJuU+CIZi74hhLO 05/5DeN1TzXM6GZI9D5tcr7n+fJGLQZWZg07FRF58jJGrpsSbbxmEi1yBUWpdJvrjw5Bjj3s ai14Tl51nZgk0vpuBlrg0z55r/Sp/kvQqlAHPazi91rCoRUH32wY9m11rPQPs3o8W/V2ot1D 0ZLsOW1gojSOuG6e6C0PU6WwzaAqtn3LS5xoFWaB9EL+tgoYIiexHTXAv49mgotk+gUv4Gij mgeEMo1RIkMISvUmbnuTWB2b3MnOP3AkorbYysZ+fuW4UImrCCS9UIOwHr28drP7qQkdjvu3 iWcP1iQPb8JoWAzXOHz1kBe/LwJLmzbABBn5iB8nQrLt+gcJHRpM7IsRAi2smfe6VInGLNL7 ABEBAAGJAh8EGAEIAAkFAlmUu44CGwwACgkQYerLdNnz7GLdqA//XOLv8LBpQTE+iJDudFqZ 65swv5yN0oY4vUcr5ybcdkgsq38jJNP48C98mQnpZcHCN+Wzi+F3/uoSrVKk+14t5FNFkgQI q+fgrUtTv2fz9sEurj5Zme66/JpIaQZwFsyBSeySv6T306sMJJToe8hl/cDf2P5s8ITAHeNc 8PoPQZ68LZdt2GCJCvYEJLHYlp0KoFN7wqkVlqgyKxKo16NjXNURZGldyqEVOjIbT2eInzSw AEBbve6OXm06riWTMKjsq6dtRTqqLFuGX9joOmvQNWz9qiHP1+no8i/ztNG2cyJizOrJmB/p MA6U2/u9rEqDL9qg9k70SXbSRiYu7iU7x/6v6ZSdrDUGbi0N1cOe2oc+By/cgU0rJHKObcaV eSp08xxRLvFYT0m0OFExE8iIXZYi9pbkuoq9hDV26IyKBQWr+rdKn1Khzi6xT56/wgw4ZO2S rElL+20WFJamutxdCxZkqPWXnxhDnh6UVN2yDKv4h6N4UJwCJJz43zodrtYgl+7OQF82Pi0D qzGFBbbKRkP+fZeLwKBf21nBpMdTLbX05NHbE2Paq9g3lg8Rv+alwQj0zAYh9gtssDNFhU2X /1hBcgxTKDTZ1scLoMqBIANfUkO64lXQBiTxqYTPUBMQ9yv+7tcHx/pMcg12a7XCjAr0mJbZ mvXw0IFW7IYP+tQ= =8BUx -----END PGP PUBLIC KEY BLOCK-----