StrongDM's Security & Compliance Programs are rooted in providing our Customers with the most secure infrastructure access platform on the market. If you have further questions beyond the information provided here, please reach out to your sales representative, or your Customer Success Manager at firstname.lastname@example.org. If you're interested in the StrongDM Platform, and how it can solve your Infrastructure Access problems, please reach out to email@example.com
Trust Center Updates
StrongDM Not Impacted by the MOVEit VulnerabilityVulnerabilitiesCopy link
We recently became aware of a vulnerability within the file transfer software product, MOVEit. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers and potential customers to know that StrongDM is not impacted by this vulnerability.
We do not use MOVEit within our product or business functions, in any capacity. We are also not aware of any usage of MOVEit software amongst our contracted third parties currently.
Security Portal UpdatesComplianceCopy link
2022 Penetration Test Report Now Available
We are happy to announce the successful completion of a comprehensive penetration test of StrongDM's Platform AdminUI and API (also known as the "Control Plane").
In 2022, StrongDM engaged Cobalt Labs to conduct a gray-box penetration test and we are proud to present the results of this test in the 2022 Control Plane Penetration Test Combined Report.
Newsworthy Vulnerability UpdatesVulnerabilitiesCopy link
The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6).
The two CVE's are listed below:
StrongDM's Trust teams have enumerated the services that could be affected by these vulnerabilities, and no vulnerable versions of the OpenSSL software were found.