Engine Yard Responsible Disclosure Policy

Responsible Disclosure Policy

Engine Yard Inc. and its subsidiaries (collectively, “Engine Yard”) understand that customers trust us to protect their data. The security of customer data is a significant responsibility that requires the highest priority. To that end, we work diligently to protect our customers from the latest security threats. Engine Yard also welcomes responsible and timely reports of any vulnerabilities discovered on our website or platforms.

Engine Yard will engage with the security community when vulnerabilities are reported to us. We will validate, respond and fix vulnerabilities in accordance with our commitment below. Engine Yard will not initiate legal action against individuals for penetrating or attempting to penetrate our website or platforms, provided they comply with the terms below. Engine Yard reserves all of its legal rights in the event of any noncompliance.

Testing:

Conduct vulnerability testing only against a “trial” deployment of our online services to minimize risk to our customers’ data
Refrain from accessing or modifying, or attempting to access or modify, data that does not belong to you
Refrain from executing, or attempt to execute, a Denial of Service (DoS) attack

Reporting:

Privately share the details of suspected vulnerabilities with the Engine Yard Security Team by sending an email to security@engineyard.com. Please use our public PGP key to keep your message secure. (ID: '0xC7CC15AB', Fingerprint: '7AF0 04DE C3D5 2205 8C21 48AC 1DF2 16B2 C7CC 15AB')
Please include information to allow us to efficiently reproduce your steps including:
- The target's Internet browser flavor and version
- The steps necessary to reproduce the vulnerability including any specific settings that must be configured on the target to allow the vulnerability to be exploited
- A copy of the HTML source code following your successful test

Compensation Requests:

Refrain from requesting compensation for reporting security vulnerabilities

Our Commitment:

To those individuals who follow our “Responsible Disclosure Policy,” Engine Yard commits to:

Promptly acknowledge receipt of your vulnerability report
Provide an estimated timetable for resolution of the vulnerability
Notify you when the vulnerability is fixed
Publicly acknowledge your responsible disclosure

Thank you!

On behalf of the many customers of our products, we would like to thank the following individuals for having made a responsible disclosure to us:

Name	Date	Name	Date
Shawar Khan	2016
Muhammad Talha Khan	2014
Vishal Mandora	2014
Jatin Mangani	2014
Nakul Mohan	2014
Imran Shaikh	2014
Meris Bihorac	2014
Waqeeh Ul Hasan	2014
Simone Memoli	2014
Ch. Muhammad Osama	2014
Nakul Mohan	2014
Daksh Patel	2013	Mehul Kareliya	2013
Ashish Tikarye	2013	Mehul Rana	2013
Web Pluss	2013	Ketankumar Godhani	2013
Sparsh Sharma	2013	Yogesh Modi	2013
Muhammad Shahmeer	2013	Jatinpreeet Singh	2013
Vinod Tiwari	2013	Arvind Singh Shekhawat	2013
Narendra Bhati	2013	Ravindra Singh Rathore	2013
Rishiraj Sharma	2013	Ashishkumar Dhaduk	2013
Ravi Chandroliya	2013	Nitesh Shilpkar	2013
Ravikumar Paghdal	2013	Ali Hasan Ghauri	2013
Jigar Thakkar	2013	Maheshkumar Darji	2013
Denis Kolegov	2013	Sahil Dhar	2013
Guifré Ruiz Utgés	2013	Adino Namchu	2013
Priyal Viroja	2013	Tejash Patel	2013
Doug Cleven	2013	Nauman Ashraf	2013
Christy Philip Mathew	2013	Kamil Sevi	2013
Adam Ziaja	2013	Sohail Azhar	2013
Shashank Kumar	2012	Simran Jeet Singh	2012
Rakan Alotaibi	2012	Prajal Kulkarni	2012
Alok.J.Sudhakar	2012	Ajay Singh Negi	2012
Nikhil.P.Kulkarni	2012	Chiragh Dewan	2012
Rafay Baloch	2012	M.R.Vignesh Kumar	2012
Krutarth Shukla	2012	Atulkumar Hariba Shedage	2012
Harsha Vardhan Boppana	2012	Emanuel Bronshtein	2012