With a peace of mind, we get to move faster

We exist to help make work better. We do that by creating enterprise apps that encode best practices. To earn being a trusted partner, we need to protect our customers’ data.

Security as a product

Philosophy

Ownership

Security is a product. That means it has clear ownership. It is currently owned by the Platform team. It also has its own roadmap and funding.

Roadmap

Like our other products, Security roadmap is lead by us but influenced by our customers. That means that we are responsible for leading where we’re going and our customers’ InfoSec teams are there to advise us on the direction.

Process

As with general testing, security automation is important. We write tests as part of each feature. We clearly test role permissions.

Automation is required but not sufficient. There’s the aspect of security that needs the intuition of a human security expert. We need to define and expand our functional security testing processes. That includes working with both internal and external white hat hackers.

Focus on customer data

Approach

Today, we collect very basic customer data. However, our goal is to expand and help customers win even more. That requires deeper levels of integration with their existing systems…and more customer data.

Customer data

We especially care about the customer user data within their domain.plusplus.co space. Personally identifiable data includes:

  • Name
  • Email
  • Employee Id
  • Business Unit

Vulnerability types

We particularly care about the following types of vulnerabilities:

  • Arbitrary code execution, including SQL injection
  • Authentication concerns and bypass of intended policies
  • Privilege escalation
  • Any customer data leak

We’re less concerned about the following types of vulnerabilities:

  • Social Engineering, including phishing
  • DOS attacks
  • Perceived security weaknesses without evidence of the ability to target a specific victim

As our integration appetites grow, so will our need to support the security of the data.

Incident management

Reporting

Discovered a bug or suspect an issue? Please report it to us via feedback@plusplus.co. We’ll confidentially keep you informed while the team investigates the issues. Once resolved, we’ll update the Release Notesand notify everyone via the Power Users list.

And, we thank you! We all benefit from security as it allows us to pursue our bigger objectives.