Security

Application Security

At Eventflow, it is a priority to ensure your data is secure. Application security features include:

• Independent penetration tests that are run quarterly against the application and hosting infrastructure
• User passwords are securely hashed before they are stored in the database
• Support of various Single Sign-on and Federated Identity implementations
• Configuration options for password strength, maximum login attempts, password change frequency and security questions
• Built-in audit logging that enables you to track who has logged in and when and all actions users perform against assets (views, downloads, uploads, modifications, etc.)

In addition, we have a security vulnerability management and disclosure policy, details of which can be seen further down this page.

Security Vulnerability Management & Disclosure Policy

Eventflow is committed to fixing serious security vulnerabilities promptly and carefully.

In order to protect our customers, we require that vulnerabilities be disclosed responsibly and reported to us in confidence. Vulnerabilities should not be disclosed publicly before we have investigated them and, if necessary, released a fix.

How to Report a Security Issue
Please email security@eventflowapp.com

Please provide enough detail to allow us to reproduce and investigate the issue quickly, including:

• Step by step instructions to reproduce the issue
• Affected version
• Affected configuration (e.g. operating system, browser, other software involved, settings)

Our response

When we receive a vulnerability report we will:

• Acknowledge receipt of the vulnerability report
• Investigate the report
• If necessary, develop a fix for the vulnerability
• When security fixes are released, notify subscribers to our security mailing list

Sign-up here to receive security related announcements from the Eventflow team.