Contact Everpure Security

Contact Security

Audience
Public
Content Type
Quick Reference
Source Type
Documentation

Contact

If you suspect that you have a Everpure security emergency, please contact Everpure Technical Support. Everpure responds quickly to attacks in progress and works with your staff to develop an incident response plan that minimizes the effect of current and future attacks.

If you believe that you may have been actively exploited, please call +1(866) 244-7121 and request for a Severity 1 case to be created.

For all other requests for assistance that are not an active Severity 1 / outage/ critical issue, please contact Everpure Technical Services for assistance. PHONE (US) +1 (866) 244-7121 or +1 (650) 729-4088. If calling from outside the US here is a list of phone numbers: Contact Us. Everpure customers can escalate cases in the following ways:

Alternatively:

  • Click the escalation link on one of the case emails. Every email from Everpure Support displays the following question near the bottom, including a dynamic link: “Not satisfied with the handling of this case? Click here to escalate.”

  • In the upper right-hand Pure1 Case Portal, click Escalate.

Please also see: Customer Escalation Procedures for additional information.

Security Contacts

Security topic

Responsibility

How to contact?

Questions relating to third-party vulnerabilities affecting our products

PSIRT

Slack : #psirt-request

Email: psirt@everpuredata.com

Reporting a new security vulnerability affecting our product(s)

Questions relating to existing security patches or release recommendations from a security perspective

Response to security concerns/issues from customer vulnerability scan/ penetration testing that includes a CVE ID

Reporting a security incident or concern related to "as-a-Service" functionality or internal infrastructure that affects external customers. This includes Pure1 issues, customer reports, or any cloud-related incidents CIDR / GISO Create a CIDR request
Reporting active cybersecurity incidents, including data breaches or other externally-sourced threats
Any credentials that are exposed either internally or to customers. This includes credentials in logs, reports, github, or code

Response to security concerns/issues from customer vulnerability scan/ penetration testing that DO NOT include a CVE ID

PSO Customer Trust

Email: pso-customer-trust@everpuredata.com

Security questions/questionnaire from prospective customers

Security certifications related queries

Questions relating to existing security features in our products

Eng Security

Slack: FlashArray - #ask-fa-security

FlashBlade - #ask-fb-security

Portworx - #ask-px-security

DX/Pure1 - #ask-pure1-security

New security feature request

Eng Security PM

FlashArray and FlashBlade- Juan Mojica

Portworx - Prashant Rathi

RFE form in Salesforce

Reporting Security Vulnerabilities and Incidents

Everpure adheres to the guidelines set forth in RFC 9116, which lists the proper channels and procedures for reporting security vulnerabilities.

To ensure a coordinated and effective response, we kindly ask that all security findings be reported directly via the appropriate channel specified below.

Focus Area Contact
Public content: Operating Infrastructure, public facing websites, security, data breach, and privacy concerns infosec@everpuredata.com

Please include any relevant details, such as steps to reproduce the issue, affected systems, and potential impact. Upon receipt, our infosec team will engage with you directly to further investigate the matter.

Focus Area Contact
Products only: Flash Array, Flash Blade, Portworx, Pure1 Cloud psirt@everpuredata.com

For product-specific reports, such as concerns or issues related to vulnerabilities directly tied to Everpure products, please notify psirt@everpuredata.com. We highly encourage you to send us a secure email by using our public key provided below.

For all reports, refrain from disclosing the vulnerability publicly or to unauthorized parties until we have had the opportunity to investigate and remediate, if necessary.

For additional information please refer to the Product Security Vulnerability Response and Remediation policy and Vulnerability reporting and disclosure policy.

Public Key for Secure Communication

Fingerprint:  4FE0 B4DF 0250 7C5D 299B  E3D7 BDFC 18D2 38E9 BF77
-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGP9R4IBEAC8HGhtjCee9mE91djA8vpeIkorVkdpWCQ/E3gYaXY4gq/OoKt/
zR0QyeCPqPUDOqTUkOz7mUVhl4wGHQkuwjH7Bfy9JhOlE9gIQ2jSs8dMIgkXwmnP
PdJrEgvR y5LuN/x3MpSYDcM5JrsZny4TDIUWHKy3DQUcpEWz58PP5ctrq9qZNvU
WKp CFs9NFR/aWzuhyQHoDqKsesYsvn4hjbCIoBUAAW7wI0/qqq0I1BbMe8ndQ8b
0vaCj92RhTNlMmNDey8PfU/qE KAgQXgxTHx0QblJmzHm6nUC9ug6gM3RA97hseB
8cN896PUX6I1IDqruSTJfdyTysJEOSc t6QrTqj0i/3qOtqgssrvzd15pPDjQb6H
xvyGXMdS4HZ3vOnJ3IiQWW8YqI kOt1R9xKRzo51V/kAqfrLjY51mxdxXh5pvTEJ
Ca5z/GSGrDNWy8b01yPh1LFNMriQLFm0W79KgJnMKA4i6EODZm8ZLEXQFiU4RSis
ViH/g7CAMwZka8fNBXkumkqXfqUL/j0MeA7cY1T0VXnhs3c4bRfMG/1PR2i/DPky
nEjC2eywdclY937nAjyZFQ28c3BLirdeUoYENUkTj3YNLcNqfHbsRQgKXmpdA5ra
qYncZBH82H ZCxS9 97aveCdjXPAnxdCVvy7aMFyDcpGOEckjh 4pSWNdwARAQAB
tCFwc2lydC1rZXkgPHBzaXJ0QHB1cmVzdG9yYWdlLmNvbT6JAlQEEwEIAD4WIQRP
4LTfAlB8XSmb49e9/BjSOOm/dwUCY/1HggIbAwUJHFwiowULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRC9/BjSOOm/d3n/EAC5pFTnwArqL6ixq/axTvUre 3QEA 6
qTGUghMNRZSOa0YEHL/2OzBAeKtTTrIch6NF1zZvRen6 7h ak8y9zV3J6ER8joh
MGKG7IlbrnOnbR3/Ne4DJYUUI5aLc 7QQQIKd7AD33PzpX5ndSYLgakMKv/LdsFi
6mUUQiF2TevIIRokIqgWhIpfTccG67kSwuApDeE8YrUe/LnPEPXOo1tskdleSlMV
 XEp539tv8o2fh/Q6MOQ5Q k6WWTe/z4MxNEovBPuuZn/cBBSbNdBiHZgQENCRlM
BEdCCvA/Gc5zD3ZTPdTFL0UTnrG4ALL8Rj0LGaAeD7gNRaU8d/ Z2MvDGcGn0ImX
KVA1r1BViESDegO/2CNLPp/0v4KC2/M4cLUnQTXdq0q5CNP4XuwhBd290p/H8y4b
o/szhor 7H5PoifMzxkTzUj3HXM9Tl1mrWvdx sZAC7J1yNtBB7QLduOgnrWex4/
UqR1NdntYVi6Va83gdS7w/bjsXl6zYr5TTXrPAQtyR4gU0LSGO/DjfkkRR0gagxA
0jItPhodcpoTzV7Xhkkzxa5n5ije7SYVMaa7CK/aJTsNQmLcaKX/nexvigY6Y5eS
A3mQep 1CvLUYAiAYX1Pwq7UxPZrk 6/UYXmvBkTVVV5V2KYOtc9ZahZTWWIrqT3
4CAocori1Ln34LkCDQRj/UeCARAAlp4BiS6LeLZkXg1XqNEW3srHvz06mrg9RQHQ
dn79VGVs8oeRvyzTuaPZsGi45lmvMYGx8qX8EPsy3NQ2k/pgFoHb6Lr5bIgvXu6k
1RG8kBPnUXF11CNbEqhGm9dD2GOLKdLSTKVb2iydIq/Ew/kc99pp8XkVwA28QjEG
tNRtc32b/3wxE0f/3mmljpx4O/hUuu9iSo2iD9WwNrAvVenEih1eGcCNtu/v62vW
bfuWdpTnjad3kNvZe3hfkofB3oKcpSU Us3Jhs/RMDkZwFrrAl9xaiSdJXKzKMr8
SDfZTqk3ibHQJYMs/36t7fIMqR8uuMTdec52IP qd6EjNs4pJcJVR2yNK2lMODlm
ssuD0cd4rW/PMUx5G6wTXkAMotUzF5pBh7GJfIeZuMwwF24NvVzZm65GPeQRYBqO
NwgPpT13xoD8VJxUa1UlR9JKSrRudL9Xm1vy4EDRC9FjA8ja/FWxW8F5uW1gjLFT
fb0UCq9I4dCPtVKsbrOP7 c2nGeUD/zLmlb4 MMMj5oxX1g5mxqX849//MbpnXrE
ivqpJRTjPLpF94iPliJvWYCqcSFLGoxllOzUpqb1Tt7aQsxuczSWzLNcu/qXdpZc
RpH26anhRzXqj9kI74NnGMSYoAUXsVQwQu 7k6JEvUrkJNM/DApI/v18vhbMv3Jg
Q 92A4EAEQEAAYkCPAQYAQgAJhYhBE/gtN8CUHxdKZvj1738GNI46b93BQJj/UeC
AhsMBQkcXCKjAAoJEL38GNI46b93in4P/RBAE5jitRhyU0wXCO4y 5GBC2fsVDAr
pXDnFM6vTxWJhA6Bo4wjxP5s5M7DLjxpoCoCknMNYO4VrB6kyNU6kLQrNA1GOUp6
MvsPVRcwrumYUkC7T1VSvs1ypjom/jm1LfcY0wk9hZ9A3XBRGcb52/zkbvUt8qb8
h/7P3tpOuY1rDdxXQu6GeFKl9cGDX6oTXRGC1tK0dB66rmnEIuRfvUhA2Wf5AyDl
oLLQKOAmJQFFKuILy 3apQ8x8DA4sxv1vjzxFZUROp5iv5TLfnjz3n0V/ziXFhPP
Sn00kI7dfypphzS7ulmvCPL3F6Q6hvaOYc87kOSxa3QqfTN0JjRku rKptacXESX
R86RQpY89Lz7GfDwTb4SSQs1IrcwuomgUfQidMyOTsClCrd7TJTyhaLh6tUl vN2
rI9gIl73g/xlY7BkT2wCJOSoJnjapkSlgePslU4tbUAE RKv1/R k234/Dk8/xD0
8hV9l365BpBBmXovldIsLEXapn/rDLkGFNFq9XGz4LuYd7di9A6N7AqdxxeGhkAI
vQUVRv6xr60Yce5hX/XCnB0TzYprcyBOqkjdlZYYlsM3wFTPFRSPOkj21GW8dFxy
 AyyAJl6cVt0pE77eALJEBYq8fWfgJ7tRirxU16UCz/OFq4VuJSKlNElVwrkcFYV
KlUTW8XoSq9X
=3e5L
-----END PGP PUBLIC KEY BLOCK-----

Other inquiries

For all other inquiries relating to Everpure Product Security, please see Everpure Product Security (Home), or refer to Pure's CVE Lookup Page and Pure's Software Release Notes:

PSIRT Product Security Incident Response Team

For questions relating to whether Everpure products may be impacted by published vulnerabilities,

Engineering Product Security References

In the event that a customer reports possible exposure to security vulnerability as identified by 3rd party security audits/ sub-contracted penetration testing, or commercial scanning tools such as Nessus, please engage the following resources:

  • Product Specific Security Concerns:

    • FlashArray: #ask-fa-security. Ask questions about FlashArray security, both in terms of security features and hardening/certifications!

    • FlashBlade: #ask-fb-security Ask questions about FlashBlade security, both in terms of security features and hardening/certifications. For area-specific questions, you may be sent to other channels (e.g. #ask-fb-ui-> management sec)

    • Portworx: #ask-px-security. Ask questions about Portworx security, both in terms of security features and hardening/certifications!

    • Pure1: #ask-pure1-security Ask questions about Cloud Platform and Pure1 security, both in terms of security features and hardening/certifications.

Additional Contacts