StrongDM maintains a Responsible Disclosure Program to allow anyone to securely report discovered vulnerabilities in our platform to us. If you think you’ve found a security vulnerability, event, or incident related to StrongDM, please follow the submission guidelines in the Program docs. We will get back to you as soon as possible to confirm the details and start working towards a resolution.
In addition to the Vulnerability Disclosure Program, we have a private bug bounty program to provide further in-depth testing.
Read more about other security testing we do to keep the StrongDM Platform and customer data secure.
Learn about the vulnerabilities we have resolved in the StrongDM product in our published Security Advisories.
Platform Security Features
StrongDM was built from the ground up with security as the top priority. Some primary platform security features include:
- Pervasive Auditing
- Credential & Secret Management
- Identity Federation
- Log Management
- Data Protection
StrongDM believes that the best way to show confidence in our product is to use it ourselves. We “eat our own dogfood” and use StrongDM to provide auditable and secure access to our own production, test, and development environments.
Learn more about StrongDM’s security features in our documentation.
Compliance & Audit
StrongDM has its posture and controls on security, confidentiality, and availability tested by an independent firm at least annually. We are SOC 2 Type 2 certified by a national audit firm and are investigating other compliance programs to further enhance our Information Security Program.
Find out more about our compliance and internal audit programs.
Securing our people and systems is a huge part of how we provide a first-class product to our customers. This includes (but is not limited to) background checks for all hires, security training for all employees and contractors, frequent permissions and account reviews, and planning for various contingencies that could interrupt normal business operations.
Learn more about our security operations and how we secure our humans.