Hootsuite There Was Trouble Connecting to the 3rd Party Service. Please Try Again.

Infrastructure

Hootsuite utilizes both deject and concrete servers in our infrastructure. Our deject is provisioned by a well-known top tier provider. Our concrete servers are located in Tier-4 datacenters with full power, cooling, and network back-up.

Security

Nosotros value your data, and we work hard to protect information technology. We store it on multiple hosts in multiple locations and back it up regularly, as often as four times per day per datastore. Data stored on our physical servers is protected past biometric locks, multiple layers of admission security, and 24x7 interior and outside surveillance.

Host Security

Simply our Engineering team has access to our production environment. SSH keys or Kerberos tokens are required for panel access to servers in all of our environments. We have automated processes in place that monitor each host for unauthorized login attempts, and offending IP addresses are automatically blacklisted and alerted.

Information Rights

Hootsuite Media Inc. uses third party vendors and hosting partners to provide the necessary hardware, software, networking, storage, and related technology required to run Hootsuite. Although Hootsuite Media Inc. owns the code, databases, and all rights to the Hootsuite application, you retain all rights to your data.

Data Protection

In 2016 the European Commission canonical and adopted a new framework for European information protection law chosen the General Information Protection Regulation (GDPR). The GDPR requirements will get effective on May 25, 2018 and will touch on all companies who process personal data of individuals in the EU.

More than data on the General Information Protection Regulation (GDPR).

How to Report a Security Incident

We take security very seriously at Hootsuite, and have an Information Security Bug Bounty plan geared towards the identification and remediation of security problems. At this point, we practise not offer budgetary compensation for findings due to Hootsuite company policy, simply we do offer other rewards. Hootsuite offers following items equally compensation depending on the severity of the findings:

Critical

Herschel Retreat 15" Estimator Backpack and a Hootsuite branded Unisex Full-Zip Hooded Sweater

High

Hootsuite branded Herschel Retreat 15" Estimator Backpack.

Medium

Hootsuite branded Unisex Full-Nothing Hooded Sweater.

If your finding is of medium, loftier, or critical severity we offer to include your proper name in our Hall of Fame (run into below for our current list). We exercise not offering rewards for low severity bug.

If you are interested in submitting your findings for review, please e-mail hootsec@hootsuite.com. Please note that, upon your submission, information technology might have upward to 5 business organisation days to triage and identify the right severity for the issue. If Hootsuite is already enlightened of the issue, we practise not offering any reward for the finding. We request you lot non to share or publish an unresolved vulnerability with whatsoever third parties.

Please make sure the findings you are submitting are reproducible and not cocky exploitation issues. Make sure to include the post-obit content in the submission:

• Title of the finding
• Description of the finding
• Location of the finding (product module/page)
• Steps to reproduce (include Request/Response logs if applicable)
• Screen shots/Video recording (if applicative)
• Severity

Ineligible vulnerability types

Please notation that Hootsuite does not consider the following to exist eligible vulnerabilities nether this program:

• Vulnerabilities in the third party/open source components
• Distributed Denial of Service
• Social Engineering/phishing issues
• Email bomb/flooding
• Findings from the automated scanners which are non triaged
• Disclosure of server or software version numbers
• Countersign strength or policy
• Security issues which tin only exist exploited with jailbroken or rooted devices.
• Self exploitation attacks.
• Vulnerabilities which can exist only exploited in outdated browsers
• Subresource integrity checks
• Header misconfigurations or missing security headers without evidence of the ability to target a remote victim
• Unclaimed social media accounts, links or domains which look similar to Hootsuite.
• DMARC/SPF bug
• Issues related to TLS/SSL versions

For incidents that touch on a unmarried business relationship, please contact Hootsuite Help, they are your fastest response for single-user security issues.

Hootsuite'due south Infosec squad commitment

Once yous submit your findings our Information security team and associated development teams are committed to:

• Acknowledge the reported finding
• Provide an estimate to triage the vulnerability and place whether it is a true positive or faux positive.
• If information technology is a truthful positive provide an estimate on timelines to fix the finding
• Inform y'all once your finding is remediated
• If applicable transport yous awards as described above.

We capeesh the efforts of every private researcher who submits a vulnerability report and helps us in improving the Hootsuite'southward security posture.

Miscellaneous

Hootsuite reserves the right to cancel this program at whatever fourth dimension and the decision to pay a bounty is entirely at our discretion. The testing must not violate whatsoever law, disrupt and/or compromise any information that is not your ain. Additional restrictions might exist applied on the bounty depending on your local laws.

Failure to follow any of the above mentioned rules volition disqualify you from participating in this program.

Cheers

Nosotros respect the effort and skill that goes into finding and disclosing security flaws. We are grateful for the generosity and support of the post-obit individuals and/or organizations:

• Abdelali Khalfi
• Kaushik Roy
• Chirag Solanki
• Zee Shan
• Muhammad Talha Khan
• Simone Memoli
• Issam Rabhi
• Prem Kumar
• Ketan Sirigiri
• Nakul Mohan
• Anurag Giri
• Kimli Welsh
• Mohamed Abdelbaset Elnoby
• Abdul Haq Khokhar
• Abdul Rehman
• Mert Tasci
• Kamil Sevi
• Mohammed Fayez Albanna
• Conal Mittal
• Lisha Batta
• Tanniru Ankamma Raju
• Simon Vocal
• Russel Laurio
• Ala Arfaoui
• SaifAllah benMassaoud
• Ahmed Y. Elmogy
• Ketan Patil
• Pratik Panchal
• Abdel Hafid Ait Chikh
• Suraj Mulik
• Ahmed Adel Abdelfattah
• Muhammed Gamal Fahmy
• Shawar Khan
• Balvinder Singh
• Jigar Thakkar (Akhani)
• Nithish G. Varghese
• Rafael Pablos
• Abbassi Ahmed Jalal
• Sarwar Jahan M
• Guilherme Scombatti
• Andy Leung
• Ma La
• Hussain Adnan
• Yaroslav Olejnik
• Girish
• Ahmed Adel Abdelfattah
• Dominic Li
• Ahsan Tahir
• Mansoor Gilal
• AbedAlqader Swedan
• Nikhil Mittal
• Koen Rouwhorst
• Yasin Soliman
• Wai Yan Aung
• Ajay Kulal
• Ali Hassan Ghori
• Ahsan Khan
• Abiral Shrestha
• Guifre Ruiz
• Eric
• Jose Carlos Exposito Bueno
• Sreedeep.Ck Alavil
• Mrityunjoy Emu
• Amal Jacob
• Pal Patel
• Daniel Diez
• Muzamil Shah
• Akaash .Thou Sharma
• Hassan Ahmed
• Sammam Qureshi
• Raul Gadzhiev
• Mostafa Mahmoud ashour
• Naveen Kumawat(nvk)
• Pritam Mukherjee
  
• Gourab Sadhukhan
• Nandini Sharma
• Hasibul Hasan
• Abhishek Karle

manhartinces1997.blogspot.com

Source: https://www.hootsuite.com/security

Bagikan Artikel ini