Trust Center
StrongDM's Security & Compliance Programs are rooted in providing our Customers with the most secure infrastructure access platform on the market. If you have further questions beyond the information provided here, please reach out to your sales representative, or your Customer Success Manager at csm-team@strongdm.com. If you're interested in the StrongDM Platform, and how it can solve your Infrastructure Access problems, please reach out to sales@strongdm.com
Benevity
Better
Bloom Credit
Braze
Coveo
Seismic
Sequoia Capital
SoFi
StackAdapt
Yext
ZefrDocuments
Featured Documents
Statement on StrongDM's exposure to Oracle Cloud's Breach
On March 21st, 2025, CloudSek Security released a report on a potential security incident involving Oracle Cloud. This report was updated on March 25th, 2025, to state approximately 140,000 tenants were affected by the security incident. The tool released by CloudSek indicated StrongDM was one of the Oracle tenants impacted.
StrongDM’s Oracle Cloud environment is strictly for research and technical demonstrations. We do not host any Customer Data in Oracle Cloud, nor do we host any production systems there. Because of the strict segmentation that StrongDM employs across our IaaS providers, the risk disclosure of Customer Data impact is very low.
Despite this very low assessed risk, StrongDM’s Security & Technology Teams launched an impact investigation and took a number of pre-emptive actions within StrongDM’s Oracle environment, including credential rotations and tightening account recovery and lockout settings. We comprehensively audited all logins and user activity and found no suspicious activity. StrongDM strictly enforces MFA for all logins and continuously monitors all administrator activities for indicators of compromise.
StrongDM will continue to monitor the situation and apply remediation measures as they develop.
Update on RegreSSHion Vulnerability (CVE-2024-6387)
Qualys has identified a vulnerability in the OpenSSH utility, versions earlier than 4.4p1, and versions 8.5p1 up to, but not including, 9.8p1 are vulnerable to Remote Code Execution. The CVE is listed below with links to resources:
CVE-2024-6387
StrongDM's Trust team has investigated our environment for systems that could be affected by this vulnerability, and we have not found any systems that are publicly available with software affected by this vulnerability.
Trust Center Updates
2022 Penetration Test Report Now Available
We are happy to announce the successful completion of a comprehensive penetration test of StrongDM's Platform AdminUI and API (also known as the "Control Plane").
In 2022, StrongDM engaged Cobalt Labs to conduct a gray-box penetration test and we are proud to present the results of this test in the 2022 Control Plane Penetration Test Combined Report.
Newsworthy Vulnerability Updates
The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6).
The two CVE's are listed below:
- CVE-2022-3602
- CVE-2022-3786
Response
StrongDM's Trust teams have enumerated the services that could be affected by these vulnerabilities, and no vulnerable versions of the OpenSSL software were found.
If you think you may have discovered a vulnerability, please send us a note.