We get this question pretty often: how do you ensure the product is secure? We of course cannot guarantee there will never be vulnerabilities (in fact there have been, just check NVD), but before we share our methodologies with you, think of this:
- Our code is open; if there is a bug or security issue, it won't be hard to exploit it or notice it.
- We basically serve the security industry; many security experts look at our product thousands of times every year and do their own testing many times too.
- Being open, there are no “secrets”. “Security by obscurity” (which is what you get from a closed-code vendor) is Russian roulette. What eramba does, and how, can be validated by anyone who can read code.
Now, how do we build eramba securely?
- We have had the same development team since pretty much day zero; they know the app and the community very well. Having no attrition means education and knowledge are not dispersed.
- The founder of eramba has been involved in application security around Europe since 2007 as a speaker, contributor, etc. You can Google it. We understand application security; although this is not a guarantee of anything, it is a big plus.
- We have asked friends in the industry to manually review some of the key functionalities in eramba; we don't do this more than approximately once a year.
- Every functionality we build is documented from a functional and security perspective when it comes to testing; this means every feature has security built in and is tested against it with a defined testing plan.
- We scan our software with Acunetix on pretty much every release, and we make these scans public on our enterprise forum too.
What if a bug is released?
- We fix it just like we fix stuff every day of the week.
- We make an urgent release (it typically does not take more than a couple of days)
- We notify customers on our forum and explain the issue
Has this happened?
- Once, but of course it will happen in the future! It is a normal hiccup on any, absolutely any, digital platform that is massively used.