Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Has linode improved their security intrusion and disclosure policy yet?

These are great improvements but are virtually worthless if linode didn't change their behavior.



What incident are you referring to? (genuine question)

As far as standards go, we use Linode and all of our customers (some of them quite demanding about internal security details) have been satisfied with the various acronyms they are accredited with... Although I understand this does not necessarily guarantee anything about response behavior, so interested to hear about past incidents.


There were some compromised accounts via a Coldfusion hack of their admin portal.

Not sure if that was isolated.

There was something more recent, too.

Anyway, happy Linode customer for quite a few years now. My stuff works, no fuss.


Any chance you can provide more information? Linode customer as well; slightly concerned.


Google ‘linode coldfusion’. I think it was over 5 years ago.


(Tory from the Linode team here)

We made some improvements to our disclosure / Bug Bounty program last year and launched this on HackerOne. The community and quality of submissions has been great. More information: https://blog.linode.com/2018/05/16/linodes-new-bug-bounty-pr...

We've also been making ongoing improvements to our application security and security infrastructure through the implementation of a DevSecOps culture. This is something we take very seriously.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: