Policy for Sharing Censys Rapid Response Queries

The Rapid Response program at Censys is dedicated to providing valuable insights to the broader security community. We publicly share a significant portion of our output to help improve understanding and prioritization of threats. You can review the advisories, blogs, and live dashboards in the Rapid Response Archives.

Our goal is to level the playing field and empower defenders with data on emerging vulnerabilities. While we strive to provide meaningful, actionable data, we also prioritize responsible data sharing and carefully consider the potential impact of the information we release.

Considerations for providing queries

When determining whether to share Censys Search queries related to devices affected by Rapid Response issues, we take a careful, case-by-case approach. Each situation is evaluated based on various criteria to ensure responsible disclosure and maximize the benefit to the community. These include, but are not limited to:

Type of asset affected

We consider the type and importance of the affected asset. If it is highly critical, such as industrial control infrastructure, we are less likely to share the search query. Conversely, if it is less critical or handles less sensitive data, we are more inclined to share the query.

Device count

We are less likely to share a query if our dataset shows a relatively small number of affected devices, around 100 or fewer, as each host becomes more exposed and potentially actionable in this scenario. Conversely, if the number of affected devices is very large, in the range of hundreds of thousands to millions, we are more likely to share the query.

Scale of active exploitation

If the issue is widely known and actively exploited, with potential involvement from known threat actors, we are less likely to share the search query.

Ransomware cases

For ransomware incidents, we are more likely to share search queries for compromised hosts since they have already been breached. This helps researchers understand the extent of ongoing attacks and identify any patterns among the affected systems.

Modified queries for broader discovery

If we choose not to share queries that identify specific vulnerable versions, we may instead provide more abstract queries. For example, we may show readers how to broadly discover exposures of a particular affected device or software without directly specifying vulnerable versions.

Our goal is always to lower the bar for researchers and security practitioners to discover and address critical vulnerabilities while carefully managing the details we disclose.