Posts by Leigh Honeywell

Beyond Heartbleed: Improved Security for Encrypted Connections

The announcement earlier this month of the “Heartbleed” bug (CVE-2014-0160) in OpenSSL once again focused attention on the technology used to secure communications on the Internet. Heartbleed was a very serious vulnerability and we moved as quickly as possible to patch systems and eliminate this threat on behalf of our customers.

But security is not just about fire drills; there are many steps that can be taken over time to continually improve security. Over the last months we have rolled out several security improvements to Heroku SSL Endpoints, including:

These enhancements have already been rolled out and are in effect for...


Heroku Security Bug Bounty

Working with security researchers to ensure the trustworthiness of Heroku’s platform is an ongoing effort of ours. As part of this effort, the Heroku security team, in conjunction with Bugcrowd, is pleased to announce our new security bug bounty program. We'll reward you for each security bug you help find, as this helps to ensure our platform is safe and secure. Our initial rewards will be between $100 and $1500, varying based on the severity of the vulnerability.

Detailed rules and information about the scope of this bounty program are available on our page at Bugcrowd. As was previously the case, customer applications are strictly out of scope for the bounty – but we’ll pass...


