Security Response

We appreciate your concern

Your input and feedback on our security is always welcome and appreciated. Keeping client data safe and private is a huge responsibility and our top priority. We work hard to protect our customers from the latest threats.

Reporting a security incident

If you believe that you’ve discovered a security flaw, that might impact our product, please let us know by sending an explanation of the issue directly to [email protected]. We’ll acknowledge receipt of your report as soon as possible. If you don’t receive a response from us within eight hours, please call us at 1-650-331-7336. For requests that aren’t urgent or sensitive, submit a support ticket.

Tracking and disclosing security issues

The process of notifying a vendor, before publicly releasing information, is an industry-standard best practice known as responsible disclosure. Responsible disclosure is important to the ecology of the Internet. It allows companies like Norada to keep clients safe by fixing vulnerabilities and resolving security concerns before they are brought to the attention of the bad guys. We strongly encourage anyone who is interested in researching and reporting security issues to observe the professional courtesies and protocols of responsible disclosure.

If you submit a report, here’s what will happen:

• We’ll quickly acknowledge receipt of your report.
• We’ll work with you to ensure we fully understand the issue and determine if and how it might impact our services.
• We’ll work diligently to protect and minimize any disclosure of client information.
• We’ll implement technical measures to permanently address the threat as quickly as possible.
• We’ll thoroughly review all records to account for any prior exploitation and work with recognized authorities in their investigation if required.

Thanks for working with us

Maintaining high security is done through the collaboration of our clients, our engineers and the external security enthusiasts who keep vendors like us on our toes. We respect the time and talent that drives new discoveries in web security technology. These combined efforts go a long way in making the Internet safer and more secure for everyone.

The following security researchers have helped us keep Solve safe for everyone. We very much appreciate their efforts.

• Ajay Negi
• Anand Sundar Tiwari
• Atulkumar Shedage
• FaisaL Ahmed
• Frans Rosén
• Hammad Shamsi
• Jaswinder Singh
• Kamil Sevi
• Krutarth Shukla
• Mohankumar Vengatachalam
• Sam Gandhi
• Saqib Kamran
• Scott Glossop
• Siddhesh Gawde
• Vedachala - Vindhyachala
• Yaroslav Olejnik

Additional information

2015-01-27 “GHOST” glibc Security Notice

GHOST is a vulnerability discovered in a core Linux function. Our engineering team has already patched our systems for this issue.

2014-10-14 “POODLE” SSLv3 Security Notice

Google security researchers discovered a vulnerability in SSLv3. Our engineering team has already responded by disabling SSLv3 from our endpoints.

2014-09-25 “Shellshock” Bash bug Security Notice

Shellshock Bash bug is a potentially serious security vulnerability on Unix and Linux based systems. Our engineering team investigated this matter thoroughly and have already patched for this vulnerability. Additional background: CVE-2014-7169, CVE-2014-6271

2014-04-09 “Heartbleed” Security Notice

Heartbleed is a serious bug reported in OpenSSL, a core security component that is used by the major of sites on the Internet. Our team proactively responded to this threat and quickly patched all production servers to mitigate the vulnerability. As a matter of best-practice we have also revoked, re-keyed and re-issued our SSL certificates. As a precautionary measure you should change your password, particularly if you’ve used the same password on several websites.