Security

At Sauce Labs we take security seriously. Whether it is the code we write, the software we use or the platform services we provide, security is always extremely important. We know that you rely on Sauce to help your developers deliver better software, faster, and we are committed to protecting your investment. We're SOC 2 Type 1 compliant (read the report) and available to answer any security questions you may have.

Security Policy

Sauce Labs is a company built on community and trust. We firmly believe that transparency and honesty are the only ways to build and maintain that trust. At Sauce Labs, we promise to disclose all relevant information in the event of a security incident, however our first directive is to keep our customers secure and operational. In the event that disclosure may increase the risk to our customers, we ask for sufficient time to resolve the vulnerability before sharing the information. Another aspect of community is the goal of contributing to the health of the group as a whole. Any individual or group that discovers and subsequently notifies Sauce Labs, of a current or potential issue, is fully credited for their contribution (unless requested otherwise).

Need to report a security incident or a security bug/vulnerability?

If you believe you've found a potential security issue, we want to ensure the correct members of our team are alerted as soon as possible.

If you need to report a security incident, please submit your findings below

If you have found a security bug or vulnerability please use the following form

We will respond to your security-related query within one (1) business day. If you have not received a response, please ensure that any communication from Sauce Labs is not in junk-mail or spam-filters.

How do I track my submission? What is the process?

Upon submission of an issue, it will be evaluated and reproduced to validate the bug. You will receive a response notifying you that we are working on the issue, and will get back to you shortly. The vulnerability will be categorized, ranked and prioritized. At that time you will receive a follow up email with the expected resolution time. A blog post will be created crediting the submitter (unless requested otherwise), and a link to the blog post will be archived on this page.