Responsible Disclosure Policy

Engine Yard Inc. and its subsidiaries (collectively, “Engine Yard”) understand that customers trust us to protect their data. The security of customer data is a significant responsibility that requires the highest priority. To that end, we work diligently to protect our customers from the latest security threats. Engine Yard also welcomes responsible and timely reports of any vulnerabilities discovered on our website or platforms.

Engine Yard will engage with the security community when vulnerabilities are reported to us. We will validate, respond and fix vulnerabilities in accordance with our commitment below. Engine Yard will not initiate legal action against individuals for penetrating or attempting to penetrate our website or platforms, provided they comply with the terms below. Engine Yard reserves all of its legal rights in the event of any noncompliance.

Testing:

  • Conduct vulnerability testing only against a “trial” deployment of our online services to minimize risk to our customers’ data
  • Refrain from accessing or modifying, or attempting to access or modify, data that does not belong to you
  • Refrain from executing, or attempting to execute, a Denial of Service (DoS) attack

Reporting:

  • Privately share the details of suspected vulnerabilities with the Engine Yard Security Team by sending an email to security@engineyard.com. Please use our public PGP key to keep your message secure. (ID: '0x5531E74F', Fingerprint: '3462 E9D3 0305 9D26 8B78 831B 462E 0A8F 5531 E74F')
  • Please include information that allows us to efficiently reproduce your steps, including:
    • The target's Internet browser flavor and version
    • The steps necessary to reproduce the vulnerability including any specific settings that must be configured on the target to allow the vulnerability to be exploited
    • A copy of the HTML source code following your successful test

Compensation Requests:

  • Refrain from requesting compensation for reporting security vulnerabilities

Our Commitment:

To those individuals who follow our “Responsible Disclosure Policy,” Engine Yard commits to:

  • Promptly acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure

Thank you!

On behalf of the many customers of our products, we would like to thank the following individuals for having made a responsible disclosure to us:

| Name | Date | Name | Date |
|---|---|---|---|
| Muhammad Talha Khan | 2014 | | |
| Vishal Mandora | 2014 | | |
| Jatin Mangani | 2014 | | |
| Nakul Mohan | 2014 | | |
| Imran Shaikh | 2014 | | |
| Meris Bihorac | 2014 | | |
| Waqeeh Ul Hasan | 2014 | | |
| Simone Memoli | 2014 | | |
| Ch. Muhammad Osama | 2014 | | |
| Nakul Mohan | 2014 | | |
| Daksh Patel | 2013 | Mehul Kareliya | 2013 |
| Ashish Tikarye | 2013 | Mehul Rana | 2013 |
| Web Pluss | 2013 | Ketankumar Godhani | 2013 |
| Sparsh Sharma | 2013 | Yogesh Modi | 2013 |
| Muhammad Shahmeer | 2013 | Jatinpreeet Singh | 2013 |
| Vinod Tiwari | 2013 | Arvind Singh Shekhawat | 2013 |
| Narendra Bhati | 2013 | Ravindra Singh Rathore | 2013 |
| Rishiraj Sharma | 2013 | Ashishkumar Dhaduk | 2013 |
| Ravi Chandroliya | 2013 | Nitesh Shilpkar | 2013 |
| Ravikumar Paghdal | 2013 | Ali Hasan Ghauri | 2013 |
| Jigar Thakkar | 2013 | Maheshkumar Darji | 2013 |
| Denis Kolegov | 2013 | Sahil Dhar | 2013 |
| Guifré Ruiz Utgés | 2013 | Adino Namchu | 2013 |
| Priyal Viroja | 2013 | Tejash Patel | 2013 |
| Doug Cleven | 2013 | Nauman Ashraf | 2013 |
| Christy Philip Mathew | 2013 | Kamil Sevi | 2013 |
| Adam Ziaja | 2013 | Sohail Azhar | 2013 |
| Shashank Kumar | 2012 | Simran Jeet Singh | 2012 |
| Rakan Alotaibi | 2012 | Prajal Kulkarni | 2012 |
| Alok.J.Sudhakar | 2012 | Ajay Singh Negi | 2012 |
| Nikhil.P.Kulkarni | 2012 | Chiragh Dewan | 2012 |
| Rafay Baloch | 2012 | M.R.Vignesh Kumar | 2012 |
| Krutarth Shukla | 2012 | Atulkumar Hariba Shedage | 2012 |
| Harsha Vardhan Boppana | 2012 | Emanuel Bronshtein | 2012 |