Our Approach to Security
We are deeply committed to safeguarding our customers' data and ensuring our software solutions remain reliable, trustworthy, and robust against evolving threats. Our approach to security is embedded within our Secure Software Development Life Cycle (SSDLC) model, a process that integrates security considerations at every stage of software development.
Threat Modelling and Risk Assessment
Our proactive security strategy begins with a consistent focus on threat modelling and risk assessments. By understanding potential threats to our software, we can identify, quantify, and manage the risk associated with them. This ongoing process allows us to tailor our security controls and countermeasures to the most relevant and likely threats. As the threat landscape continues to evolve, so do our threat models and risk assessments, ensuring that our security practices are always at the forefront of the industry.
Security Testing and Code Review
Before any software is released, our team undertakes rigorous security testing, which includes both static and dynamic analysis. This comprehensive examination enables us to identify any potential vulnerabilities or weak points in the code. Additionally, our code review process ensures that our software aligns with established best practices for secure coding. We also perform container scanning to check for any vulnerabilities within the software containers.
Ongoing Security Management
We maintain a continuous security management process, involving regular software patching, updates, and real-time monitoring for emerging threats. Our vigilance in monitoring the threat landscape ensures we remain aware of potential risks, providing a solid foundation for a swift and effective response if any issue arises.
Vulnerability Management Strategy
At Curiosity, we adopt a proactive approach to managing vulnerabilities. We utilize code scanning techniques to identify any vulnerable libraries in our software distribution. This enables us to stay ahead of potential risks and issues before they become a threat to our systems or our customers. Furthermore, we commit to updating libraries within a six-month timeframe from the availability of a new package, ensuring our software is always up to date with the latest security measures.
Whenever a high-risk vulnerability is detected, we prioritize communicating this information to our customers and outlining any necessary steps they need to take. Transparency and communication are key elements of our security philosophy, as we believe that security is a shared responsibility.