Our Responsible Disclosure Policy

As many of you know, GitHub recently experienced a security breach that caused some challenges for Engine Yard and our customers. As part of this, GitHub made the difficult, but absolutely right decision, in requiring all users of their service to re-validate their SSH keys. Additionally, GitHub took the opportunity to release their “Responsible Disclosure of Security Vulnerabilities” policy that outlines how to interact with them when sharing security vulnerabilities.

At the end of 2011, Engine Yard conducted a detailed security audit against our Engine Yard Cloud and Orchestra platforms. While the investment was significant, we realize the importance and value that regular security testing brings. With that said, we also value the community’s input into our security posture. With that in mind, and following the lead of our friends at GitHub, we released a similar “Responsible Disclosure Policy” that outlines our commitment to you when you take the time to responsibly test and disclose security vulnerabilities to us.


We value your input and are focused on providing a safe and secure platform for our customers, and the larger community.