Security and Abuse Reporting Policies
We at DNAnexus are committed to providing a secure environment for you to store and analyze your data. We hold security and compliance at the highest priority, and our team works continuously to protect your account.
Assistance with your account
If you have issues with your private account, please direct your communication to firstname.lastname@example.org.
We will respond promptly to your message. These issues may include the following:
- Password and login issues
- Data loss
- Notifications about unexpected activity in your account / other indications that your account may have been compromised
- Receiving notifications directed at a different user / unexpectedly receiving access to another user’s data
Report abuse of DNAnexus services
If you believe that other users are using DNAnexus improperly (e.g., storing illegal or malicious content in DNAnexus), please take the time to let us know by emailing us at email@example.com.
Report security vulnerabilities
If you think you have uncovered a potential security vulnerability or have witnessed a security incident on DNAnexus, you may report it to our team by sending email to firstname.lastname@example.org.
We take these reports seriously and will respond promptly to verifiable vulnerabilities. Our response includes allocating resources to responding to and investigating your report, fixing potential issues as quickly as possible. In addition, we will properly credit the reporter of a verified vulnerability in any DNAnexus-issued security advisory about the vulnerability (unless the reporter wishes to remain anonymous). We thank you for your commitment to helping us make the DNAnexus platform as secure as possible.
Possible security vulnerabilities:
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF/XSRF)
- Authentication bypass
- Privilege escalation
- Remote code execution
- Obtaining information about other users
- Circumvention of our privacy model
Please include the following information in your report:
- Your preferred contact email address
- Information about the vulnerability:
- Type of vulnerability
- What is affected? Include URLs as appropriate.
- Steps to reproduce:
- Links you clicked on, pages you visited, URLs, user IDs
- Clear and concise descriptions of the accounts you used in your report and the relationships between them
- How can someone attack other users with this vulnerability?
- Is this vulnerability public or known to third parties?
DNAnexus thanks the following individuals for their contributions and for responsibly disclosing security concerns that resulted in improvements to our security:
Responsible disclosure includes:
- Giving the DNAnexus security team a reasonable time frame to receive and treat the vulnerability before publishing it outside
- Making a good faith effort during your vulnerability research to avoid privacy violations, destruction or unauthorized distribution of data and degradation of our service; and
- Researching and reporting a security vulnerability to DNAnexus without intent to harm, deceive, defraud, extort, or otherwise engage DNAnexus or DNAnexus users maliciously, in bad faith or in violation of the law.
We will not bring legal action against individuals who report an issue given they make their best effort to follow the above guidelines.