Kymeta Security Policy
1. Our security commitment
Kymeta is committed to product excellence, to providing products that meet or exceed industry standards for security, and to protecting our customers’ data. We want our customers to have confidence that we are protecting their data, and that our products minimize the risk of vulnerability to malicious or unauthorized use or attack by any third party.
For this reason, we regularly analyze the security of our product code base. Both during and after the development of our terminals, Kymeta engineers utilize industry standard scanning tools to raise the security bar. We regularly employ Software Composition Analysis (SCA) scanning tools to detect defects. These tools systematically check for defects that have been classified by the National Institute of Standards and Technology (NIST). We also regularly utilize code analysis tools to look for threat vectors in our code base.
Our commitment doesn’t end there. We also employ both defensive techniques and proactive tools to check for threats to customer data in our cloud. From carefully maintained and monitored firewalls, to the employment of traffic analysis and intrusion detection tools, we diligently look to discover attacks on a real time basis. We are also committed to the continuous improvement of our security practices. As such, we have established a security team that regularly reviews our practices on the devices we ship, the cloud services we provide, and the communication we have with our partners, suppliers and our customers. This culture of improvement is the most important aspect of our security strategy.
2. Resolution of confirmed security vulnerabilities
Kymeta investigates and discloses vulnerabilities for all actively supported products. If a security vulnerability is confirmed, Kymeta will provide solutions commensurate with the risk identified.
3. Disclosure policy
Kymeta’s first and foremost concern is our customers. To this end, Kymeta does not publicly publish any details that could potentially be used to compromise products until mitigation is available to reduce or eliminate the identified risk. Critical information will be shared directly with partners and/or customers in a timely manner as required, commensurate with risk.
4. Reporting a vulnerability
Kymeta product and security teams provide direct support for potential vulnerabilities identified in Kymeta products. Kymeta will continue to work with customers, agencies and recognized security organizations to resolve security vulnerabilities.
If you have a potential vulnerability or concern to report related to our products and services, please send your contact information to firstname.lastname@example.org.
November 2023 | 700-00219-000 rev 01