Our Security Posture
As a security company, we hold ourselves to the highest standards. Our infrastructure, processes, and code are designed with a defense-in-depth approach.
SOC 2 Type II
Independently audited annually. Our SOC 2 report is available to customers under NDA.
Encryption
AES-256 at rest. TLS 1.3 in transit. All authentication secrets are encrypted with per-tenant keys.
Penetration Testing
Quarterly third-party penetration tests by independent security firms. Findings are remediated within SLA.
Infrastructure
- Hosting: Multi-region deployment across ISO 27001 certified data centers
- Network: DDoS protection, WAF, and rate limiting on all endpoints
- Access Control: Zero-trust internal architecture with mandatory 2FA for all employees
- Monitoring: 24/7 security monitoring with automated anomaly detection
- Backup: Encrypted backups with point-in-time recovery and cross-region replication
Application Security
- Secure SDLC: Code review, static analysis, and dependency scanning on every commit
- Authentication: All API keys are hashed. Session tokens are rotated and scoped
- Logging: Comprehensive audit logs with tamper-evident storage
- Incident Response: Documented IR plan with defined roles, tested quarterly
Responsible Disclosure
We welcome security researchers to report vulnerabilities responsibly. If you've found a security issue, please email security@corduosecurity.com.
- We respond to reports within 24 hours
- We do not pursue legal action against good-faith researchers
- We offer recognition in our security hall of fame
- Critical vulnerabilities are eligible for our bug bounty program
Questions?
For security inquiries or to request our SOC 2 report, contact security@corduosecurity.com.