Need to report a security vulnerability?
Please email us directly at firstname.lastname@example.org. Get a free month of service for every previously unreported security flaw that you or your team report to us.
- We operate all our infrastructure in Amazon Web Services' industry-leading data centers
- Biometric scanning for controlled data center access
- Security camera monitoring at all data center locations
- 24×7 onsite staff provides additional protection against unauthorized entry
- Unmarked facilities to help maintain low profile
- Physical security audited by an independent firm
- System installation using hardened, patched OS
- Dedicated firewall and VPN services to help block unauthorized system access
- Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
- Systems access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Fully documented change-management procedures
Our team keeps our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.
All data exchanged with Next Release is always transmitted over SSL (which is why your dashboard is served over HTTPS, for instance).
We never store passwords as clear text – they are always hashed (and salted) securely using bcrypt. Data is encrypted both at rest and in motion – all network communication uses TLS with at least 128-bit AES encryption. The connection uses TLS v1.2, is encrypted and authenticated using AES_128_GCM, and uses ECDHE_RSA as the key exchange mechanism.
Your code never touches our servers.
We protect your login from brute-force attacks with rate limiting. Login information is always sent over SSL.
We also allow you to use two-factor authentication, or 2FA, through GitHub login as an additional security measure when accessing your Next Release account. Enabling 2FA adds security to your account by requiring both your password and access to a security code on your phone to access your account.
Credit card safety
When you sign up for a paid account on Next Release, we do not store any of your card information on our servers. It’s handed off to Stripe, a company dedicated to storing your sensitive data on PCI-compliant servers.