Cloudflare breach notifications


#1

How do I get cloudflare breach notifications? And where can I see a historic list?

e.g. https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
and
https://blog.cloudflare.com/the-four-critical-security-flaws-that-resulte/

I can see that cloudflare responds promptly to incidents, and wondered if there was a policy on response time or not and when things are made public.


#2

You can keep an eye on cloudflarestatus.com for recent info on incidents, but if there are any major issues (like the ones mentioned) you will usually find them blogged under the tag “Post Mortem”. Though that will include non security related issues as well.

https://blog.cloudflare.com/tag/postmortem/


#3

Thanks that’s great.

Is there any SLA or other policy on how long it takes cloudflare to respond to an incident?


#4

I believe there are different industry standards for different situations. However the philosophy here is to be as transparent as possible as soon as we can.