In the course of offering support and services, it may be necessary for DataStax employees to have limited access to, or visibility into, customer production systems or technical log files. Access to this information is at the sole discretion and invitation of the customer.
DataStax uses several cloud-based technology vendors to support company operations. These vendors have separate security policies that govern the protection of DataStax data in their possession. Relevant vendors and their security policies are listed below.
DataStax uses Google Apps for Business for internal messaging and document handling. Google provides security and privacy for its services as outlined in their Security and Privacy documentation. In addition, DataStax implements Google services following best practices such as:
All systems in the datacenter operate behind a firewall. The firewall and switch firmware/operating systems are upgraded to the latest version every six (6) months to apply the latest security patches. Emergency upgrades are done in the event that a critical patch is released. HTTPS and SSH are the only protocols available to access the firewall. DataStax on-premises systems are accessible via an industry-recognized VPN client.
You can submit your findings using the link below.
DataStax Enterprise incorporates code from several Apache Software Foundation (ASF) projects, such as Apache Cassandra™, Apache Spark, and Apache Solr. Vulnerabilities affecting ASF software products should also be reported directly to the project. Details on reporting those vulnerabilities to the ASF can be found here.
- The reporter reports the vulnerability privately to DataStax.
- The appropriate project's security team works privately with the reporter to resolve the vulnerability.
- A new release or patch of the DataStax product that includes the fix is produced.
- The vulnerability is publicly announced and the patched software made available.