
Security and Trust Center

Secure by Design Pledge

To support secure software development, Performetriks recently signed CISA’s Secure by Design Pledge, a directive for technology providers to embed security at the heart of their products from the outset of development.
We truly believe security must be built into every product instead of bolted on at the end of the development process.

Focus Areas and Goals

The Secure by Design Pledge has seven focus areas and pledge goals: 

Multi-Factor Authentication (MFA)

Goal: Within one year of signing the pledge, demonstrate actions taken to measurably increase the use of multi-factor authentication across the manufacturer’s products.

How we are addressing it: We support multi-factor authentication in our products.

Default passwords

Goal: Within one year of signing the pledge, demonstrate measurable progress towards reducing default passwords across the manufacturers’ products.

How we are addressing it: We’ve eliminated default passwords, using Email OTP with randomly generated codes for secure authentication.

Reducing entire classes of vulnerability

Goal: Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products.

How we are addressing it: Adopting web template frameworks (Spring Boot, SB security, Thymeleaf and Bootstrap templates).

Security patches

Goal: Within one year of signing the pledge, demonstrate actions taken to measurably increase the installation of security patches by customers.

How we are addressing it: Our products run on an entirely SaaS-based platform, so customers do not need to install security patches themselves. There is no patching burden on the client side.

Vulnerability disclosure policy 

Goal: Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP).

How we are addressing it: The policy is to be published, along with blog posts reviewing findings and lessons learned from the vulnerability disclosure policy.

CVEs

Goal: Within one year of signing the pledge, demonstrate transparency in vulnerability reporting.

How we are addressing it: Within the next 12 months, Performetriks commits to enhancing transparency in vulnerability reporting by establishing and adhering to a procedural document. We will publicly disclose vulnerabilities in our products, including issuing a Common Vulnerabilities and Exposures (CVE) record when necessary, in line with our policy.

Evidence of intrusions

Goal: Within one year of signing the pledge, demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.

How we are addressing it: For cloud service providers and SaaS products, applying patches on the server side and retaining logs for a set timeframe for analysis purposes.
