Your input and feedback on our security is always welcome and appreciated. Keeping client data safe and private is a huge responsibility and our top priority. We work hard to protect our customers from the latest threats.
If you believe that you’ve discovered a security flaw, that might impact our product, please let us know by sending an explanation of the issue directly to email@example.com. We’ll acknowledge receipt of your report as soon as possible. If you don’t receive a response from us within eight hours, please call us at 1-650-331-7336. For requests that aren’t urgent or sensitive, submit a support ticket.
The process of notifying a vendor, before publicly releasing information, is an industry-standard best practice known as responsible disclosure. Responsible disclosure is important to the ecology of the Internet. It allows companies like Norada to keep clients safe by fixing vulnerabilities and resolving security concerns before they are brought to the attention of the bad guys. We strongly encourage anyone who is interested in researching and reporting security issues to observe the professional courtesies and protocols of responsible disclosure.
If you submit a report, here’s what will happen:
Maintaining high security is done through the collaboration of our clients, our engineers and the external security enthusiasts who keep vendors like us on our toes. We respect the time and talent that drives new discoveries in web security technology. These combined efforts go a long way in making the Internet safer and more secure for everyone.
The following security researchers have helped us keep Solve safe for everyone. We very much appreciate their efforts.
GHOST is a vulnerability discovered in a core Linux function. Our engineering team has already patched our systems for this issue.
Google security researchers discovered a vulnerability in SSLv3. Our engineering team has already responded by disabling SSLv3 from our endpoints.
Shellshock Bash bug is a potentially serious security vulnerability on Unix and Linux based systems. Our engineering team investigated this matter thoroughly and have already patched for this vulnerability. Additional background: CVE-2014-7169, CVE-2014-6271
Heartbleed is a serious bug reported in OpenSSL, a core security component that is used by the major of sites on the Internet. Our team proactively responded to this threat and quickly patched all production servers to mitigate the vulnerability. As a matter of best-practice we have also revoked, re-keyed and re-issued our SSL certificates. As a precautionary measure you should change your password, particularly if you’ve used the same password on several websites.
Posted by +Steve Ireland