Security Contact
Report security vulnerabilities or incidents to:
This is a monitored Google Workspace Group with automatic forwarding to the security team’s Slack channel (
#security-alerts) for real-time notification.
Monitoring
Nextedy maintains 24/7 monitoring for security events through:- Dependency vulnerability alerts — Snyk continuously scans all third-party components and generates alerts for newly disclosed vulnerabilities.
- Code scanning alerts — SonarQube flags security-relevant findings in new code.
- Incident inbox — The
security-alerts@nextedy.comaddress accepts reports from customers, partners, and automated scanning tools.
Incident Response Process
1. Intake
When a security issue is reported or detected, the security team:- Acknowledges receipt within 1 business day
- Assigns an incident owner
- Creates a tracking record with initial details
2. Triage and Severity Assessment
The incident owner assesses severity based on:3. Remediation
The security team develops and tests a fix. The remediation timeline depends on severity:4. Notification
- Breach notification — If a confirmed breach affects customer data, Nextedy notifies affected customers within 24 hours.
- Patch notification — Security patches are communicated through the support portal and direct customer contact.
- Advisory publication — For vulnerabilities affecting released versions, Nextedy publishes a security advisory with affected versions, remediation steps, and upgrade instructions.
Evidence and Traceability
All security incidents are tracked with:- Unique incident identifier
- Timeline of discovery, triage, and resolution
- Root cause analysis (for high and critical incidents)
- Verification that the fix resolves the issue