Heroku Security Bug Bounty

Working with security researchers to ensure the trustworthiness of Heroku’s platform is an ongoing effort of ours. As part of this effort, the Heroku security team, in conjunction with Bugcrowd, is pleased to announce our new security bug bounty program. For each security bug you help find, which helps to ensure our platform is safe and secure, we'll reward you. Our initial rewards will be between $100 and $1500, varying based on the severity of the vulnerability.

Detailed rules and information about the scope of this bounty program are available on our page at Bugcrowd. As was previously the case, customer applications are strictly out of scope for the bounty – but we’ll pass information along to those customers if you let us know.

Read more →

Congratulations to Plated, Zoobean, and Breathometer on Shark Tank

We love seeing our customers’ successful and gaining recognition for the amazing businesses they are building. So, as you could imagine, we were thrilled to learn that a Heroku customer was featured on ABCs Shark Tank last Friday, with two more being featured over the next couple weeks.

Read more →

PyCon Montreal - April 9 - 17, 2014

We are really honored to be a part of PyCon again this year. We have a big booth in the expo hall and a bunch of people who are really looking forward to attending and who are there to answer questions, hack on code, troubleshoot, or shoot the ….

Read more →

OpenSSL Heartbleed Security Update

Yesterday the OpenSSL Project released an update to address the CVE-2014-0160 vulnerability, nicknamed “Heartbleed.” This serious vulnerability affects a substantial number of applications and services running on the internet, including Heroku.

All Heroku users should update their passwords as a precautionary measure. If you are currently running the SSL Endpoint add-on, you should re-key and reissue your certificate and update it as it may have been exposed. As of Tuesday, April 8 at 15:55 UTC, all Heroku certificates, infrastructure, and Heroku Postgres have been updated and are no longer vulnerable. Continue reading for further details on each affected vector.

Read more →

Heroku at the AWS Summit SF - Wed March 26th

AWS Summit SF is coming up on Wed March 26th at Moscone South. We are thrilled to be sponsoring the Developer Lounge. Heroku engineers and staff will be available throughout the day to answer your questions about Heroku; developing Ruby, Python, and Node apps on Heroku; Heroku Postgres; and the architecture of apps using both Heroku and AWS.

If you plan on attending, please stop by, say hello, and bring your questions. Or you can just play ping pong. If you would like to set up an appointment for a specific time, please send us an email.

Browse the blog archives or subscribe to the full-text feed.