Open Source Projects:

Information Security

Hazelcast's dedication to maintaining a robust and stalwart security profile for customers, partners, and the open source community.

Pricing
Chat
Contact
Back to top
Corporate Security

Corporate Security

Corporate Security

At Hazelcast, security is a cornerstone of our values and a consideration that underpins everything we do, from the hiring and training of our own personnel to the way we build our products, select and utilize vendor offerings, and respond quickly to reported vulnerabilities. We are committed to providing a safe and quality user experience for our customers, partners, and open source community members.

For us, security begins in our own backyard, with our staff and general operations.

  • Hazelcast conducts extensive background checks on all staff worldwide, whether employees or contractors, before hiring. This includes education and employment verification along with criminal records search.
  • Hazelcast staff is required to immediately notify Hazelcast in the case of theft or loss of company-owned property.
Product Security

Product Security

Fraud prevention and detection.

Hazelcast Enterprise IMDG and Hazelcast Enterprise HD IMDG include a number of features to enhance the security of your application. Both offer a rich set of JAAS-based (Java Authentication and Authorization Service) security features that you can use to authenticate cluster members and clients, in order to perform authorization checks on client operations.

For more information see:

Hazelcast Security Features
How to Implement Security Features of Hazelcast Enterprise Webinar
See the section on Security and Hardening in the Deployment and Operations Guide

Supplier Security

Supplier Security

Supplier Security

Hazelcast makes use of cloud-based business services from reputable vendors. Below you will find easy access to additional information about their security practices and policies.

Google
Google

Hazelcast uses G Suite for email, calendaring, and document collaboration.
+ G Suite Security
+ Google Privacy Policy

Zendesk
Zendesk

Hazelcast uses Zendesk for customer support tickets.
+ Zendesk Security
+ Zendesk Privacy Policy

Salesforce
Salesforce

Hazelcast uses Salesforce.com for CRM.
+ Salesforce Security
+ Salesforce Privacy Policy

Github
Github

Hazelcast uses Github for distributed sourcecode version control.
+ GitHub Security
+ GitHub Privacy Policy

Vulnerability Reporting

Vulnerability Reporting

Vulnerability Reporting

Hazelcast is committed to providing our users with secure software they can rely on. We promptly investigate all reports of security vulnerabilities affecting Hazelcast products. If you believe you have found a security vulnerability, we strongly encourage you to report it to us immediately, and we ask your help in working with our team before disclosure in a public forum. This allows us to address the issue most effectively for the benefit and protection of all users.

It’s easy to submit a vulnerability report:

  • If you’re a Hazelcast customer, simply open a support ticket and provide us as much detail as you’re able.
  • If you are not a Hazelcast customer, please send an email to [email protected]. Note: This email address is only for reporting security vulnerabilities, not inquiries about security-related topics. For general security questions, please reach out to us via one of our community channels.

Using either method, your report will be received promptly by Hazelcast staff.

What happens to my report?

Our standard process is:

  1. Upon receipt of your private report, Hazelcast will route it to the appropriate team for investigation.
  2. If we need additional information, we will directly and privately reach out to the person who sent the vulnerability report.
  3. We will verify the vulnerability and its fix.
  4. The security fix will be included in a new release.

We greatly appreciate your partnership in helping us provide the strongest security posture for all users. Thank you.