Information Security
Hazelcast's dedication to maintaining a robust and stalwart security profile for customers, partners, and the open source community.
Corporate Security
At Hazelcast, security is a cornerstone of our values and a consideration that underpins everything we do, from the hiring and training of our own personnel to the way we build our products, select and utilize vendor offerings, and respond quickly to reported vulnerabilities. We are committed to providing a safe and quality user experience for our customers, partners, and open source community members.
For us, security begins in our own backyard, with our staff and general operations.
- Hazelcast conducts extensive background checks on all staff worldwide, whether employees or contractors, before hiring. This includes education and employment verification along with criminal records search.
- Hazelcast staff is required to immediately notify Hazelcast in the case of theft or loss of company-owned property.
Product Security
Hazelcast Platform includes many features to enhance the security of your application. It offers a rich set of JAAS-based (Java Authentication and Authorization Service) security features that you can use to authenticate cluster members and clients to perform authorization checks on client operations.
For more information, see:
- Hazelcast Security Features
- How to Implement Security Features of Hazelcast Enterprise Webinar
- See the section on Security and Hardening in the Deployment and Operations Guide
Supplier Security
Hazelcast makes use of cloud-based business services from reputable vendors. Below you will find easy access to additional information about their security practices and policies.
Hazelcast uses G Suite for email, calendaring, and document collaboration.
+ G Suite Security
+ Google Privacy Policy
Zendesk
Hazelcast uses Zendesk for customer support tickets.
+ Zendesk Security
+ Zendesk Privacy Policy
Salesforce
Hazelcast uses Salesforce.com for CRM.
+ Salesforce Security
+ Salesforce Privacy Policy
Github
Hazelcast uses Github for distributed sourcecode version control.
+ GitHub Security
+ GitHub Privacy Policy
Vulnerability Reporting
Hazelcast is committed to providing our users with secure software they can rely on. We promptly investigate all reports of security vulnerabilities affecting Hazelcast products. If you believe you have found a security vulnerability, we strongly encourage you to report it to us immediately, and we ask your help in working with our team before disclosure in a public forum. This allows us to address the issue most effectively for the benefit and protection of all users.
It’s easy to submit a vulnerability report:
- If you’re a Hazelcast customer, simply open a support ticket and provide us as much detail as you’re able.
- If you are not a Hazelcast customer, please send an email to [email protected]. Note: This email address is only for reporting security vulnerabilities, not inquiries about security-related topics. For general security questions, please reach out to us via one of our community channels.
Using either method, your report will be received promptly by Hazelcast staff.
What happens to my report?
Our standard process is:
- Upon receipt of your private report, Hazelcast will route it to the appropriate team for investigation.
- If we need additional information, we will directly and privately reach out to the person who sent the vulnerability report.
- We will verify the vulnerability and its fix.
- The security fix will be included in a new release.
We greatly appreciate your partnership in helping us provide the strongest security posture for all users. Thank you.