Nitrogen Security Response Policy
Responsible Disclosure
Security threats on the Internet are growing far faster than any one company or team can stay ahead of, so providing top-notch security is always a community effort. We’re very grateful to the white hat community of independent security researchers for their responsible security reports, particularly of issues that could theoretically lead to potential system intrusions or unauthorized data access.
Security and privacy for our customers and their data is of the utmost importance. We work hard to keep our security infrastructure and practices up to date, and welcome the responsible disclosure of any vulnerabilities you may find.
Reporting
We are most interested in vulnerabilities that could theoretically lead to leakage of customer data. Decisions about which reports represent valid concerns and deserve recognition are made at the sole discretion of Nitrogen.
Above all, please make a good faith effort to protect our users’ privacy and data. Please don’t interrupt or degrade our services. Please do not disclose the details of any discoveries until you have notified us and given us an opportunity to respond and fix the issue.
Please send reports to [email protected]. For particularly sensitive information you’re welcome to use our public key to encrypt the message (please provide a way for us to respond securely). We’ll typically follow up within a few business days.
Our Grateful Thanks
We appreciate the effort and skill of those who help keep our services secure. The following experts and researchers have helped us improve our security offerings.
- Shahee Mirza
- Ali Hasan Ghauri
- Daksh Patel
- Manish Bhattacharya
- Rakesh Singh & Harish Kumar (@zerodayguys)
- Rakesh Singh
- Maulik Shah
- Danish Tariq
- Muhammad Talha Khan
- Osanda Malith Jayathissa
- Arvind Singh Shekhawat
- Rafael Pablos
- Muhammad Shahmeer
- Adam Ziaja
- Justine Edic
- Dan McInerney
- Chris Marlow
- Prafull Agarwal
- Waleed Ezz Eldin (WIBF)
- Guilherme Scombatti
- Eliran Itzhak
- Nikhil Rane
- Mohd.Danish Abid
Security Policies
Personnel
Every Nitrogen employee receives a background check, completes information security training, and agrees to our information security policy and code of ethics.
Web Application Security
Nitrogen follows industry-standard security best practices (e.g., 256-bit SSL encryption) and undergoes regular third-party vulnerability assessments to ensure that we adhere to the following guides:
- PCI DSS
- OWASP Top 10
- SANS CWE Top 25
- CERT Secure Coding
Data Center Security
Nitrogen undergoes regular third-party penetration tests to ensure that we maintain industry-standard security best practices.
Our data centers are located in the United States and have obtained the following certifications:
- SSAE 18 SOC2 Type II
- ISO 27001:2005
- PCI DSS Level 1
- Safe Harbor