Trust & security

Security posture

Platform hardening, network-edge mitigation, and clear customer responsibilities — linked to trust hub artefacts procurement expects.

Security at HostStack spans platform hardening, network-edge mitigation, coordinated disclosure, and customer responsibilities on guest OS. This page summarises what we control vs what your team operates on KVM instances.

Platform controls

Hypervisor isolation — KVM on audited host nodes; control panel orchestration with role-separated access.
Network edge — DDoS-aware scrubbing tiers staged up to 17 TB aggregate contracted capacity. See network disclosure.
Monitoring — NOC dashboards + public status page (UptimeRobot-backed).
Patching — host-level security updates on a documented cadence; customer notification for maintenance via status/changelog.
Backups — JetBackup on eligible web SKUs · VPS: snapshot/backup options vary by line — see store

Your responsibilities (KVM)

SSH key hygiene, fail2ban/UFW, unattended security upgrades on guest OS
Application-layer WAF/CDN for HTTP floods beyond network edge scope
Secret rotation, database exposure, and outbound mail reputation

Start with first hardening steps and knowledge base playbooks.

Disclosure & abuse

Coordinated vulnerability disclosure + /.well-known/security.txt
Abuse reporting — spam, compromise, copyright
Privacy policy · Subprocessors
SLA — availability programme & exclusions

Procurement pack

Security reviewers often need the same artefacts: vendor pack PDF, reference architecture, uptime methodology, and commercial pack index.

Open trust hub Security questionnaire