Responsible Disclosure Policy

Engine Yard Inc. and its subsidiaries (collectively, “Engine Yard”) understand that customers trust us to protect their data. The security of customer data is a significant responsibility that requires the highest priority. To that end, we work diligently to protect our customers from the latest security threats. Engine Yard also welcomes responsible and timely reports of any vulnerabilities discovered on our website or platforms.

Engine Yard will engage with the security community when vulnerabilities are reported to us. We will validate, respond and fix vulnerabilities in accordance with our commitment below. Engine Yard will not initiate legal action against individuals for penetrating or attempting to penetrate our website or platforms, provided they comply with the terms below. Engine Yard reserves all of its legal rights in the event of any noncompliance.

Testing:

  • Conduct vulnerability testing only against a “trial” deployment of our online services to minimize risk to our customers’ data
  • Refrain from accessing or modifying, or attempting to access or modify, data that does not belong to you
  • Refrain from executing, or attempting to execute, a Denial of Service (DoS) attack

Reporting:

  • Privately share the details of suspected vulnerabilities with the Engine Yard Security Team by sending an email to security@engineyard.com. Please use our public PGP key to keep your message secure. (ID: ‘0xC7CC15AB’, Fingerprint: ‘7AF0 04DE C3D5 2205 8C21 48AC 1DF2 16B2 C7CC 15AB’)
  • Please include information to allow us to efficiently reproduce your steps, including:
    • The target’s Internet browser flavor and version
    • The steps necessary to reproduce the vulnerability including any specific settings that must be configured on the target to allow the vulnerability to be exploited
    • A copy of the HTML source code following your successful test

Compensation Requests:

  • Refrain from requesting compensation for reporting security vulnerabilities

Our Commitment:

To those individuals who follow our “Responsible Disclosure Policy,” Engine Yard commits to:

  • Promptly acknowledge receipt of your vulnerability report
  • Provide an estimated timetable for resolution of the vulnerability
  • Notify you when the vulnerability is fixed
  • Publicly acknowledge your responsible disclosure

Thank you!

On behalf of the many customers of our products, we would like to thank the following individuals for having made a responsible disclosure to us:

| Name | Date |
|---|---|
| Shawar Khan | 2016 |
| Muhammad Talha Khan | 2014 |
| Vishal Mandora | 2014 |
| Jatin Mangani | 2014 |
| Nakul Mohan | 2014 |
| Imran Shaikh | 2014 |
| Meris Bihorac | 2014 |
| Waqeeh Ul Hasan | 2014 |
| Simone Memoli | 2014 |
| Ch. Muhammad Osama | 2014 |
| Nakul Mohan | 2014 |
| Daksh Patel | 2013 |
| Ashish Tikarye | 2013 |
| Web Pluss | 2013 |
| Sparsh Sharma | 2013 |
| Muhammad Shahmeer | 2013 |
| Vinod Tiwari | 2013 |
| Narendra Bhati | 2013 |
| Rishiraj Sharma | 2013 |
| Ravi Chandroliya | 2013 |
| Ravikumar Paghdal | 2013 |
| Jigar Thakkar | 2013 |
| Denis Kolegov | 2013 |
| Guifré Ruiz Utgés | 2013 |
| Priyal Viroja | 2013 |
| Doug Cleven | 2013 |
| Christy Philip Mathew | 2013 |
| Adam Ziaja | 2013 |
| Mehul Kareliya | 2013 |
| Mehul Rana | 2013 |
| Ketankumar Godhani | 2013 |
| Yogesh Modi | 2013 |
| Jatinpreeet Singh | 2013 |
| Arvind Singh Shekhawat | 2013 |
| Ravindra Singh Rathore | 2013 |
| Ashishkumar Dhaduk | 2013 |
| Nitesh Shilpkar | 2013 |
| Ali Hasan Ghauri | 2013 |
| Maheshkumar Darji | 2013 |
| Sahil Dhar | 2013 |
| Adino Namchu | 2013 |
| Tejash Patel | 2013 |
| Nauman Ashraf | 2013 |
| Kamil Sevi | 2013 |
| Sohail Azhar | 2013 |
| Shashank Kumar | 2012 |
| Rakan Alotaibi | 2012 |
| Alok.J.Sudhakar | 2012 |
| Nikhil.P.Kulkarni | 2012 |
| Rafay Baloch | 2012 |
| Krutarth Shukla | 2012 |
| Harsha Vardhan Boppana | 2012 |
| Simran Jeet Singh | 2012 |
| Prajal Kulkarni | 2012 |
| Ajay Singh Negi | 2012 |
| Chiragh Dewan | 2012 |
| M.R.Vignesh Kumar | 2012 |
| Atulkumar Hariba Shedage | 2012 |
| Emanuel Bronshtein | 2012 |