Security Contact

Report security vulnerabilities or incidents to:
Channel | Details
Email | security-alerts@nextedy.com
Response | Acknowledged within 1 business day
This is a monitored Google Workspace Group with automatic forwarding to the security team’s Slack channel (#security-alerts) for real-time notification.

Monitoring

Nextedy maintains 24/7 monitoring for security events through:
  • Dependency vulnerability alerts — Snyk continuously scans all third-party components and generates alerts for newly disclosed vulnerabilities.
  • Code scanning alerts — SonarQube flags security-relevant findings in new code.
  • Incident inbox — The security-alerts@nextedy.com address accepts reports from customers, partners, and automated scanning tools.
All alerts are routed to the security team via Slack integration for immediate visibility.

Incident Response Process

1. Intake

When a security issue is reported or detected, the security team:
  • Acknowledges receipt within 1 business day
  • Assigns an incident owner
  • Creates a tracking record with initial details

2. Triage and Severity Assessment

The incident owner assesses severity based on:
Severity | Criteria | Examples
Critical | Active exploitation possible, affects data integrity or confidentiality | Remote code execution, authentication bypass
High | Exploitable vulnerability with significant impact | Privilege escalation, data exposure under specific conditions
Medium | Vulnerability with limited exploitability or impact | Information disclosure with low sensitivity
Low | Minimal risk, defense-in-depth improvement | Hardening recommendation, minor configuration issue

3. Remediation

The security team develops and tests a fix. The remediation timeline depends on severity:
Severity | Patch SLA
Critical | Within 5 business days
High | Within 10 business days
Medium / Low | Next scheduled release (quarterly)

4. Notification

  • Breach notification — If a confirmed breach affects customer data, Nextedy notifies affected customers within 24 hours.
  • Patch notification — Security patches are communicated through the support portal and direct customer contact.
  • Advisory publication — For vulnerabilities affecting released versions, Nextedy publishes a security advisory with affected versions, remediation steps, and upgrade instructions.

Evidence and Traceability

All security incidents are tracked with:
  • Unique incident identifier
  • Timeline of discovery, triage, and resolution
  • Root cause analysis (for high and critical incidents)
  • Verification that the fix resolves the issue
This record is retained for audit purposes and is available to customers under NDA upon request.