We employ Vanta to monitor our vulnerability management program, ensuring alignment with our SLA commitments. Vanta’s vulnerability scanner uses a database of known vulnerabilities and looks for them in our system. It checks various interfaces and runs various scenarios within our system to identify any potential risks. Vulnerabilities are raised through multiple sources, including AWS, GitHub, ongoing static and dynamic analysis, and penetration testing. We regularly review the reported vulnerabilities and resolve them promptly.
We engage an external firm to perform penetration testing at least annually. This engagement aims to identify security vulnerabilities that could negatively affect the systems under scope, the data we handle, and, consequently, the business. The firm systematically simulates attacks to test resilience against real-life attack scenarios. For each vulnerability discovered during the assessment, they provide a risk severity rating and validate the existence of the vulnerability with working exploit code.
The latest external security assessment was completed on 30 May 2025.
We conduct comprehensive periodic security reviews that enable us to track and mitigate risks associated with our third-party vendors.