OPEN NETLABS SERVICES

If your organisation uses NSD, Unbound, OpenDNSSEC, Krill, Routinator, RTRTR or a combination thereof, we offer support contracts at various service levels. They allow direct access to our highly skilled developers and technical specialists, with years of experience in Internet infrastructure standards.

In addition to providing you with support and consultancy, purchasing the services of Open Netlabs also helps fund the research and development activities of NLnet Labs. This support helps us in developing a long term sustainable business model, backing the continuity of NLnet Labs and assuring that its contribution to the international Internet community can be continued for years to come.

You can choose different service levels for each software package you use, allowing you to mix and match to best suit your needs. Our Silver and Gold contracts also include consultancy hours, offering dedicated implementation and configuration assistance in order to get the most out of our products.

These are the available service levels, please contact us for pricing and details.

  Gold Silver Bronze
Support & Contact Hours Business Hours* Business Hours* Business Hours*
Security Alerts & Patches Highest Priority High Priority Best Effort
Response Time 4 hours 12 hours 24 hours
Consultancy 32 hours 12 hours No
Dedicated Chat Channel Yes Yes No
Email Support Yes Yes Yes

* Business Hours are 09.00 - 18.00 hrs Central European Time (Amsterdam, the Netherlands)

If a flaw is found we intend to provide security patches, for free, to the general public. In addition, we strive to be transparent about the nature, cause and impact of security flaws. Since the announcement of a security flaw may trigger the creation of exploits, we strive to balance transparency about flaws with the impact exploits might have on the Internet and its users.

We will follow specific internal guidelines, though circumstances may force us to not apply this policy in full. End of support for the software by NLnet Labs will be publicly announced two years in advance. All security vulnerabilities will be identified with dedicated CERT vulnerability tracking numbers.

In general, the security patches are distributed according to the following priority:

  1. Customers with a Gold support contract and the party that reported the vulnerability, under non-disclosure
  2. Special Interest groups, under non-disclosure. These are entities that operate our project in an environment that is critical to the general public, as well as known Open Source platform Operating System maintainers
  3. Customers with a Silver support contract, under non-disclosure
  4. Customers with a Bronze support contract, under non-disclosure
  5. The general public

With regards to these five groups, we will take the following considerations:

  • The time scale on which publish/distribute security patches differently depending on the nature of the security issue. If the issue is widely known or exploited at the moment we have developed a patch (zero day) we intend to release the patch as soon as possible to the widest audience possible, which collapses stages 1 through 5 above to the order of days or even hours.
  • If the issue is not yet public, we intend to release security patches to the general public on a short timescale, in the order of weeks.
  • If we cannot find a fix for the security vulnerability, we obviously cannot provide code and may seek assistance. In order to prevent zero-day exploits information about (the existence of) these types of vulnerabilities may only be shared under non-disclosure with category 1, and if circumstances dictate with category 2.
  • We provide patches for the latest released software version i.e. the latest major, minor, patch level release.
  • In general, we provide support for the previous major release for one year after its deprecation. We therefore also provide security patches for major releases from one year past. A major release is the increment in the first version number.

Please keep in mind that our projects are made available under the BSD or Mozilla Public License 2.0 and come with ABSOLUTELY NO WARRANTY.