With peace of mind, we get to move faster
We exist to help make work better. We do that by creating enterprise apps that encode best practices. To earn being a trusted partner, we need to protect our customers’ data.
Security as a product
Security is a product. That means it has clear ownership. It is currently owned by the Platform team. It also has its own roadmap and funding.
Like our other products, the Security roadmap is led by us but influenced by our customers. That means that we are responsible for leading where we’re going and our customers’ InfoSec teams are there to advise us on the direction.
As with general testing, security automation is important. We write tests as part of each feature. We clearly test role permissions.
Automation is required but not sufficient. Some aspects of security need the intuition of a human security expert. We need to define and expand our functional security testing processes. That includes working with both internal and external white hat hackers.
Focus on customer data
Today, we collect very basic customer data. However, our goal is to expand and help customers win even more. That requires deeper levels of integration with their existing systems…and more customer data.
We especially care about the customer user data within their domain.plusplus.co space. Personally identifiable data includes:
- Employee Id
- Business Unit
We particularly care about the following types of vulnerabilities:
- Arbitrary code execution, including SQL injection
- Authentication concerns and bypass of intended policies
- Privilege escalation
- Any customer data leak
We’re less concerned about the following types of vulnerabilities:
- Social Engineering, including phishing
- DOS attacks
- Perceived security weaknesses without evidence of the ability to target a specific victim
As our integration appetites grow, so will our need to support the security of the data.
Discovered a bug or suspect an issue? Please report it to us via firstname.lastname@example.org. We’ll confidentially keep you informed while the team investigates the issue. Once resolved, we’ll update the Release Notes and notify everyone via the Power Users list.
And, we thank you! We all benefit from security as it allows us to pursue our bigger objectives.