Security Policy

Reporting a security issue to Fluxiom

Fluxiom engineers constantly monitor logs and network events for indications of security vulnerabilities that may put customer data at risk. However, should you have any reason to believe there exists a security vulnerability on the Fluxiom platform, we invite you to report it to us immediately. This page presents the best way to report such problems to us, and introduces our response protocol.

Contacting Fluxiom

We invite users experiencing issues with Fluxiom to contact our support department Policy. If the issue you are reporting is related to the security and safeguarding of data, however, please know you can get in touch directly with our security staff on . Alternatively, you can telephone +1.707.703.5936 to record a voicemail message.

When reporting a security issue, please be as thorough as possible. Describe the steps you are taking, the results you are getting and the results you were expecting to get. Also, please provide us with detailed configuration information so that we can reproduce your testing environment as accurately as possible.

Note that you are not required to provide us with personal information. However, doing so will allow us to contact you back, keep you updated on our progress and give you credit for your contributions. You are therefore strongly encouraged to provide us with at least a name or pseudonym and an email address.

Full disclosure

We value the trust relationship we entertain with our clients above all. In that light, should we have any reason to believe a particular account has been compromised, we will liaise with the account owner as promptly as possible and provide him with detailed information regarding the issue, its cause, duration and impact. This rule knows no exception.If a breach were to affect an unknown number of accounts, or all of the accounts we host as a whole, we would additionally post information on our web site, blog or newsletter, depending on the nature and impact of the issue.

Responsible disclosure

While Fluxiom does not condone any cracking attempts, we will not prosecute users who report security issues to us, and provide us with the information and time necessary to fix the issue before bringing it to the public’s attention — a practice known as responsible disclosure. Users who opt to disclose security issues to us in a responsible manner will be kept posted about the progress of our analysis, and given due credit once the vulnerability is fixed.

As a general rule, Fluxiom welcomes all feedback from its users and the Internet community at large. This includes members of the security community who wish to share feedback or information with us.

Response procedure

Upon contacting us through our security reporting channels, you can expect to hear back within 48 business hours. Please note that we reply to each and every legitimate submission. If you have not received a reply from us within 48 business hours, feel free to re-submit the ticket or telephone us to ask for a status update.

Once a submission is acknowledged and received, it will be escalated to our engineers who will analyze the nature of the issue as it relates to the Fluxiom platform. If necessary, emergency patches will be published to the platform while the analysis continues in order to minimize the window of exposure.

We will keep submitters updated throughout the process, and let them know once the final fix has been published. The resolution of security issues takes precedence over the development of new features or the improvement of existing ones, and we will always strive to publish updates as promptly as possible.

Every security update brought to our platform triggers a full quality assurance review, to audit and improve both our code and our testing procedures.

Whitehats

Special thanks goes out to the following people for making a responsible disclosure to us:

  • Shashank Kumar
  • Issam Rabhi
  • Kamil Sevi
  • Anand Sundar Tiwari
  • Berkay Aydin
  • Piotr Smaza
  • Rafael Pablos
  • Ishan Anand
  • Jaymark Pestaño
  • Danish Tariq
  • Nakul Mohan