Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

StrongDM's Security & Compliance Programs are rooted in providing our Customers with the most secure infrastructure access platform on the market. If you have further questions beyond the information provided here, please reach out to your sales representative, or your Customer Success Manager at csm-team@strongdm.com. If you're interested in the StrongDM Platform, and how it can solve your Infrastructure Access problems, please reach out to sales@strongdm.com

ASICS-company-logoASICS
Benevity-company-logoBenevity
Better-company-logoBetter
Bloom Credit-company-logoBloom Credit
Braze-company-logoBraze
Chime-company-logoChime
ClickUp-company-logoClickUp
Coveo-company-logoCoveo
MassMutual-company-logoMassMutual
SailPoint-company-logoSailPoint
Seismic-company-logoSeismic
SentinelOne-company-logoSentinelOne
Sequoia Capital-company-logoSequoia Capital
SoFi-company-logoSoFi
StackAdapt-company-logoStackAdapt
Yext-company-logoYext
Zefr-company-logoZefr
SOC 2 Report
Disaster Recovery Report
Trust Center Updates

Update on RegreSSHion Vulnerability (CVE-2024-6387)

VulnerabilitiesCopy link

Qualys has identified a vulnerability in the OpenSSH utility, versions earlier than 4.4p1, and versions 8.5p1 up to, but not including, 9.8p1 are vulnerable to Remote Code Execution. The CVE is listed below with links to resources:

CVE-2024-6387

StrongDM's Trust team has investigated our environment for systems that could be affected by this vulnerability, and we have not found any systems that are publicly available with software affected by this vulnerability.

Published at N/A

Trust Center Updates

ComplianceCopy link

2022 Penetration Test Report Now Available

We are happy to announce the successful completion of a comprehensive penetration test of StrongDM's Platform AdminUI and API (also known as the "Control Plane").

In 2022, StrongDM engaged Cobalt Labs to conduct a gray-box penetration test and we are proud to present the results of this test in the 2022 Control Plane Penetration Test Combined Report.

Published at N/A*

Newsworthy Vulnerability Updates

VulnerabilitiesCopy link

The OpenSSL Project has announced the availability of a security update (version 3.07) that addresses a vulnerability affecting OpenSSL versions 3.0 and above (3.0.0 - 3.0.6).

The two CVE's are listed below:

Response
StrongDM's Trust teams have enumerated the services that could be affected by these vulnerabilities, and no vulnerable versions of the OpenSSL software were found.

Published at N/A*

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo