Today’s developers work hard to write robust, high-quality code to solve difficult problems, further their business, and build things that didn’t exist before. But now more than ever before, security failures pose a great risk to developers’ ability to fulfill those goals. That’s why security can no longer be left to the security team alone.
At Codiscope, it’s our mission to help developers meet these new challenges, learn new skills, and take control of their own application security. Codiscope’s tools and training teach developers how to write secure code from the start.
When handling sensitive digital assets, an extraordinary level of trust is necessary. We work hard to build that trust with our clients by committing to maximum transparency into our security methodologies and practices, by cooperating with and contributing to the open source communities we all rely on, and by consistently delivering high-quality, accurate, and timely secure coding guidance to developers as they’re coding.
At Codiscope we hold ourselves to the highest standards of application, data, and infrastructure protection. The digital security of our friends, family, and future generations is our driving force. Each product we build and support — our infrastructure, processes, and technologies — depends on this commitment. This security story explores, at a high level, the measures we take at Codiscope to ensure your information is protected.
Security depends on maintaining control of physical and network infrastructure. Hosted in a secure data center managed by trusted staff, our systems are kept hardened, patched, and up-to-date. Our network is defended and segmented by firewall. A dedicated Computer Security Incident Response Team is ready to respond to any contingency.
Our data protection mechanisms depend on software that resists injection and other attacks that can hijack system control. A rigorous software security initiative with dedicated full-time staff develops and enforces secure coding standards and mandates use of automated security and code quality testing tools.
Protecting your data is our highest priority. Our primary defense is universal authentication and access control. While our analysis engines need access to your source code, once the analysis phase is completed we securely delete the code. We also use strong encryption everywhere data is transmitted or stored. We have implemented secure transport channels between client systems and the analysis engine, with a strategy that provides forward security and ephemeral keys to reduce the impact of any potential key compromise.
We follow a secure development lifecycle to ensure our application is designed and implemented securely. All of our developers are trained in using our standard security defenses.
An independent team performs architecture analysis, threat modeling, code review, and penetration testing on our application as an integrated part of every release. We double-check and augment these outside audits with our own internal custom test suite and automated security tools.
Without information, good security decisions are impossible. We are committed to ensuring you understand the protections that we have provided. We have a well-defined Responsible Disclosure Policy and will notify our customers of any security event which could potentially impact their analysis artifacts or other sensitive information.