Report vulnerability

Vulnerability Disclosure Programme

Introduction

As one of the world’s largest natural resource companies, we take security seriously. We believe that the security of our systems and data is of the highest importance.

We also understand that security researchers play an important role in identifying vulnerabilities and helping us maintain a secure environment. We encourage responsible disclosure of any vulnerabilities that may be found in our systems or applications.

We will not compensate you for reporting any potential or confirmed vulnerabilities.

Security research within the scope of this programme

This programme applies to:

Any platform or service directly owned, or indirectly controlled or operated, by Glencore plc worldwide (see https://www.glencore.com/world-map).

What is our commitment?

When a vulnerability is reported, we take it seriously and investigate it promptly. Our team of security experts will review the report, assess the severity of the vulnerability, and will endeavour to respond to you within 7 days.

We will keep you informed throughout the process and provide regular updates.

We will review requests for public disclosure.

Security research out of scope of this programme

  • Clickjacking
  • Social engineering (phishing, vishing, baiting, etc.)
  • Weak or insecure SSL ciphers or certificates
  • Any Denial of Service attacks (DoS or DDoS)
  • Physical attacks against any properties, belongings or employees and contractors
  • Attempts to modify or destroy data
  • Actions that violate international law

How to report a vulnerability

Please submit your vulnerability report through the webform below.

  • Provide as much detail as possible with your report and include steps to reproduce the issue.

Our commitment

  • We will not pursue legal action or demands, except in cases of deliberate non-compliance with this programme.
  • We will provide a response and acknowledge the lodgement of your report within 7 days.

For information about relevant Glencore policies see: