Security Contacts and Procedures

Eucalyptus Systems takes security very seriously. We aim to take immediate action to address serious security-related problems that involve our products or services.

Please report any suspected security vulnerability in a Eucalyptus product or service to the Eucalyptus Security Response Team. You may use our GPG public key to communicate with us securely.

When to Contact the Eucalyptus Security Response Team

You should contact the Security Response Team if:

  • You think there may be a security vulnerability in a Eucalyptus product or service
  • You are unsure about how a known vulnerability affects a Eucalyptus product or service

When Not to Contact the Eucalyptus Security Response Team

You should not contact the Security Response Team if:

  • Your issue is not security-related
  • You require technical assistance
  • You need help upgrading packages due to security alerts

In any of these cases, please engage Eucalyptus through our support portal.

What to Send

Please provide as much information as possible about the issue and your system as possible when contacting Eucalyptus. If you need to send us any sensitive information, we encourage you to encrypt your message using our GPG public key.

Who Reads Mail Sent to security@eucalyptus.com

Only members of the Eucalyptus Security Response Team, a restricted and carefully-chosen group of Eucalyptus Systems employees, will have access to material sent to the security@eucalyptus.com address. No outside users can subscribe to this list.

How We Respond

E-mail sent to security@eucalyptus.com is read and acknowledged with a non-automated response as quickly as possible. For issues that are complicated and require significant attention, we will open an investigation and provide you with a mechanism to check the status of our progress.