We encourage security researchers to report their findings directly to Nutanix’s Responsible Disclosure Program, hosted by HackerOne: hackerone.com/nutanix
Nutanix takes security very seriously, and we aim to take immediate action to address serious security related problems that involve our products or services. Nutanix customers should contact support for inquiries or questions regarding industry published Critical Vulnerability Enumerations (CVEs) patching timelines or exposure in the product should be directed to Nutanix Support via the methods described in the Support Quick Reference Guide.
Industry recognized security researchers should report any suspected security vulnerabilities in a Nutanix product or service to Nutanix Product Security at firstname.lastname@example.org. You can use our GPG key to communicate with us securely.
When to contact Nutanix Product Security
Nutanix Security Engineering values its relationship with security ecosystem partners and independent security researchers. If you are an industry security researcher and have findings you would like to disclose or discuss with the Nutanix Security Engineering team please contact us using the email@example.com alias and if necessary encrypted with the provided GPG key.
Who reads email sent to firstname.lastname@example.org
Only members of the Nutanix Security Engineering team, which is comprised of a small subset of security professionals within Nutanix, will have access to material and correspondence sent to the email@example.com alias.
How to contact us securely
Nutanix Security Engineering offers the ability to send GPG encrypted email messages to secure email communications. Email sent to firstname.lastname@example.org can be encrypted with the below public key and that key could change or be invalidated. Any revocation of GPG keys for the email@example.com account will have an accompanying renovation notice posted on this page as well as information on the new keys.
9AA0DAB7: Nutanix Security Engineering and Research Team firstname.lastname@example.org
This key is used for secure communication with the Nutanix Security Engineering team, and may in the future be used to sign certain announcements or advisories as needed.
Fingerprint: 991B AB35 18CF 64E3 ABF5 6AF7 30C5 0EA4 9AA0 DAB7
We do not accept encrypted communications via any other address or support mechanism with the above key and will discard non-security related correspondence encrypted with the above key.
How we respond
Email correspondance sent to the email@example.com alias will be read and acknowledged by return message within 72 hours, not including US weekends or holidays. Product support inquiries including upcoming patch timelines and CVE inclusion in a future release must be obtained by way of an official Nutanix Support ticket via the methods described in the Support Quick Reference Guide.