Log in
Sign up
Log in
Sign up
Contact Us

Security & Abuse Reporting Policies

 

Committed to Security

We at DNAnexus are committed to providing a secure environment for you to store and analyze your data. We hold security and compliance at the highest priority, and our team works continuously to protect your account.

Assistance with Your Account

If you have issues with your private account, please direct your communication to
support@dnanexus.com
We will respond promptly to your message.

These issues may include the following:
> Password and login issues
> Data loss
> Notifications about unexpected activity in your account / other indications that your account may have been compromised
> Receiving notifications directed at a different user / unexpectedly receiving access to another user’s data

Report Abuse of DNAnexus Services

If you believe that other users are using DNAnexus improperly (e.g., storing illegal or malicious content in DNAnexus), please take the time to let us know by emailing us at
abuse@dnanexus.com

 

Report Security Vulnerabilities

If you think you have uncovered a potential security vulnerability or have witnessed a security incident on DNAnexus, you may report it to our team by sending email to security@dnanexus.com.

We take these reports seriously and will respond promptly to verifiable vulnerabilities. Our response includes allocating resources to responding to and investigating your report, fixing potential issues as quickly as possible. In addition, we will properly credit the reporter of a verified vulnerability in any DNAnexus-issued security advisory about the vulnerability (unless the reporter wishes to remain anonymous). We thank you for your commitment to helping us make the DNAnexus platform as secure as possible.

Possible Security Vulnerabilities

> Cross-Site Scripting (XSS)
> Cross-Site Request Forgery (CSRF/XSRF)
> Authentication bypass
> Privilege escalation
> Clickjacking
> Remote code execution
> Obtaining information about other users
> Circumvention of our privacy model

Please Include the Following Information in Your Report

Your preferred contact email address.

Information about the vulnerability.
>> Type of vulnerability
>> What is affected? Include URLs as appropriate.
 
Steps to reproduce.
>> Links you clicked on, pages you visited, URLs, user IDs
>> Clear and concise descriptions of the accounts you used in your report and the relationships between them
 
How can someone attack other users with this vulnerability?

Is this vulnerability public or known to third parties?

Security Contributors

DNAnexus thanks the following individuals for their contributions and for responsibly disclosing security concerns that resulted in improvements to our security:

Yadnyawalkya Tale (http://yadnyawalkya.blogspot.in/) (August 2016)
Rafael Pablos (http://silverneox.blogspot.com) (September 2015)
Ashutosh Kumar (https://www.ccfis.net/) (July 2015)
Ishan Anand (Zero-Access) (February 2015)

Responsible Disclosure

Responsible disclosure includes:
>> Giving the DNAnexus security team a reasonable time frame to receive and treat the vulnerability before publishing it outside
>> Making a good faith effort during your vulnerability research to avoid privacy violations, destruction or unauthorized distribution of data and degradation of our service; and...
>> Researching and reporting a security vulnerability to DNAnexus without intent to harm, deceive, defraud, extort, or otherwise engage DNAnexus or DNAnexus users maliciously, in bad faith or in violation of the law.

We will not bring legal action against individuals who report an issue given they make their best effort to follow the above guidelines.