Riskalyze Security Response Policy

Responsible Disclosure

Security threats on the Internet are growing far faster than any one company or team can stay ahead of, so providing top-notch security is always a community effort. We’re very grateful to the white hat community of independent security researchers for their responsible security reports, particularly of issues that could lead to system intrusions or unauthorized data access.

Security and privacy for our customers and their data is of the utmost importance. We work hard to keep our security infrastructure and practices up to date, and welcome the responsible disclosure of any vulnerabilities you may find.


Reporting

We are most interested in vulnerabilities that could lead to leakage of customer data. The decision as to which reports represent valid concerns and deserve recognition is made at the sole discretion of Riskalyze.

Above all, please make a good faith effort to protect our users’ privacy and data. Please don’t interrupt or degrade our services. Please do not disclose the details of any discoveries until you have notified us and given us an opportunity to respond and fix the issue.

Please send reports to [email protected]. For particularly sensitive information you’re welcome to use our public key to encrypt the message (please provide a way for us to respond securely). We’ll typically follow up within a few business days.


Our Grateful Thanks

We appreciate the effort and skill of those who help keep our services secure. The following experts and researchers have helped us improve our security offerings.


Security Policies

Personnel

Every Riskalyze employee receives a background check, completes information security training, and agrees to our information security policy and code of ethics.


Web Application Security

Riskalyze follows industry standard security best practices (e.g., 256-bit SSL encryption) and undergoes regular 3rd party vulnerability assessments to ensure that we adhere to the following guides:

  • PCI DSS
  • OWASP Top 10
  • SANS CWE Top 25
  • CERT Secure Coding


Data Center Security

Riskalyze undergoes regular 3rd party penetration tests to ensure that we maintain industry standard security best practices.

Our data centers are located in the United States and have obtained the following certifications:

  • SSAE 16 SOC2 Type II
  • ISO 27001:2005
  • PCI DSS Level 1
  • Safe Harbor