Trust

We Are Committed to Delivering Reliable and Secure Cloud Services

Our entire business is built on trust. We have established robust security, data protection, and privacy programs to ensure you can trust Nutanix to keep your data safe. Our Trust framework is comprised of security, privacy, compliance and transparency capabilities that span seven domains.

Privacy

We are 100% committed to protecting your privacy and providing you with a positive experience online and when using our products and services. Learn more about the Nutanix Privacy Program.

Corporate Security and Compliance

We implement established security frameworks, controls, and best practices to protect our corporate information assets and services, all in pursuit of keeping Nutanix data secure.

Product Security and Compliance

We have obtained numerous global certifications and continue to expand these efforts in order to help you maintain compliance in all areas of operation.

Transparency

We believe in open and honest communication with our customers. We will continue to add information here to keep customers updated on topics involving security, compliance, and service availability.

Security Contact and Procedures

Nutanix takes security very seriously, and we take immediate action to address serious security-related problems involving our products or services. Nutanix customers should contact support for inquiries or questions regarding industry published Critical Vulnerability Enumerations (CVEs), product exposure, and patching timelines. For more information on opening a case, see the Support Quick Reference Guide.

Responsible Disclosure Program

Nutanix values its relationship with security ecosystem partners and independent security researchers. Industry recognized security researchers should report any suspected security vulnerabilities in a Nutanix product or service to the Nutanix Responsible Disclosure Program:  hackerone.com/nutanix.

Who responds to findings at hackerone.com/nutanix

Only members of the Nutanix Security Engineering team, which is comprised of a small subset of security professionals within Nutanix, will have access to material and correspondence sent to this location.

How to Contact Us with other Issues

Nutanix Security Engineering offers the option to send GPG-encrypted secure email messages. Email sent to security@nutanix.com can be encrypted with the public key listed below. Any revocation of GPG keys for the security@nutanix.com account will have an accompanying renovation notice posted on this page as well as information on the new keys.

9AA0DAB7: Nutanix Security Engineering and Research Team security@nutanix.com

This key is used for secure communication with the Nutanix Security Engineering team, and may in the future be used to sign certain announcements or advisories as needed.

Download: 9AA0DAB7

Fingerprint: 991B AB35 18CF 64E3 ABF5 6AF7 30C5 0EA4 9AA0 DAB7

We do not accept encrypted communications via any other address or support mechanism with the above key and will discard non-security related correspondence encrypted with the above key.

How we respond

Email correspondance sent to the security@nutanix.com alias will be read and acknowledged by return message within 72 hours, not including US weekends or holidays. Product support inquiries including upcoming patch timelines and CVE inclusion in a future release must be obtained by way of an official Nutanix Support ticket via the methods described in the Support Quick Reference Guide.