Penetration testing
You're welcome to security-test your own ComputeSphere services — no prior approval required — as long as you follow the rules of engagement below. They keep your tests from affecting the platform or other customers.
What you can test
- Test the services, deployments, and endpoints in your own account.
- Run your own scanners and tooling against your own applications.
- Validate your app's configuration, authentication, and data handling.
What’s not allowed
- Denial-of-service (DoS/DDoS), or high-volume load or stress testing.
- Accessing, testing, or scanning any account, service, or data that isn't yours.
- Probing ComputeSphere's shared infrastructure, control plane, or console beyond your own services.
- Social engineering or phishing of ComputeSphere staff, customers, or vendors.
- Attempting physical access to any facility.
- Accessing, modifying, or exfiltrating other customers' data.
- Automated scans that degrade platform performance for others.
Reporting a vulnerability
Found something — in your own service or in the platform? Email security@computesphere.com with a clear description and steps to reproduce. Please give us reasonable time to investigate and remediate before disclosing publicly (responsible disclosure), and don’t access more data than is necessary to demonstrate an issue — stop and report immediately if you reach data that isn’t yours.
Scope & updates
Your own services are in scope for active testing; ComputeSphere’s platform and control plane are not — but if you discover a platform vulnerability, report it via the address above and we’ll take it from there. We may update this policy; the current version always lives on this page.