龙虎赌博 Security Policy

The 龙虎赌博 security process

龙虎赌博 follows a strict process when developing new versions of our software, according to the? 龙虎赌博 life cycle and release policy. All tasks are subject to strict standards imposed by 龙虎赌博:?

All 龙虎赌博 developers adhere to project? coding guidelines
All code is reviewed by a senior developer before being merged into the 龙虎赌博 code base
All tasks are tested by Quality Assurance engineers
Root Cause Analysis is performed for found vulnerabilities and results are added to secure code trainings performed for developers to avoid similar vulnerabilities in the future.
龙虎赌博 Cloud development and testing environments maintain a separate access control, completely isolated from the production environment.
No testing is ever done in 龙虎赌博 Cloud customer production environments, and account data/contact information as well as customer content (in 龙虎赌博 nodes) is never copied and used for testing/troubleshooting.

A 龙虎赌博 node in the cloud is almost the same as a standalone version, and we provide you the latest version with fixed security vulnerabilities and findings from HackerOne and other sources.
龙虎赌博 Cloud is continuously scanned and assessed by internal tools and teams, and security issues are passed down to the infrastructure or development team to increase our security posture.
Although the development process is designed to reduce security issues, it is still possible that new vulnerabilities might be discovered. 龙虎赌博 treats security issues in maintained versions as a high priority. Please note that 龙虎赌博 does not fix security issues in versions that are no longer supported. If this is required, it is custom development charged by an hourly rate.

Certifications

To assure our customers that 龙虎赌博 is a well-managed and professional organization, that appropriate information security measures are applied as necessary, and that customers can trust the source code, our professional services, and our 龙虎赌博 Cloud service, 龙虎赌博 has:?

Implemented a security program consistent with and conforming to the ISO/IEC 27001:2022 standard for Information Security Management
Implemented the ISO/IEC 27017:2015 extension for cloud security controls
Used other cybersecurity best practices to compliment the standard

龙虎赌博 Cloud security

Every customer's 龙虎赌博 instance is isolated from one another.?

Every customer's 龙虎赌博 instance data is on EBS volumes and encrypted at-rest with AES-256.

Every customer node uses Amazon Time Sync Service NTP pools (time.aws.com) as a time source.

AWS Snapshot technology and EBS encryption with AES-256 at-rest data encryption is used for customer backups.

All in-transit communications both internally and externally use at least TLS 1.2 and (where possible) TLS 1.3 certificates.

龙虎赌博 Cloud provides multiple ways of user authentication:

Local accounts: Users can sign up with a valid email address and set their password in the 龙虎赌博 Cloud platform. OTP codes are used for security purposes.

Existing accounts: Users can also leverage their existing Github, Google, and Microsoft accounts to use 龙虎赌博 Cloud with the single sign-on functionality.

Customer passwords for local accounts are protected with a BCRYPT hashing algorithm, so 龙虎赌博 employees do not have access to your password and cannot retrieve it for you. The only option if you lose your password is to reset it.

In cases where 龙虎赌博 employees need to connect to a customer's backend or frontend components, review log files, solve any issue with Services, at a customer’s explicit request for technical support reasons, or as required by law, we use combination of enterprise grade key management services and secret management technologies. There are no standing privileges for engineers or support team. We practice Just-in-Time access for as brief a period as possible.??

Every employee working within 龙虎赌博 and accessing 龙虎赌博 Cloud in any way is using company owned and managed devices with XDR and at-rest encryption.

Multiple sets of best practices are used – systems are hardened using CIS, AWS VPC best practices, AWS IAM best practices, etc.

We have several internal solutions in place that are used for monitoring our systems, availability, performance, and other critical parameters.

System availability can be checked at

Disclosure policy

In 龙虎赌博 we use the term "responsible disclosure", which means we have a policy on how we disclose all security issues that come to our attention, but only after the issues have been resolved and all customers with support contracts are given time to upgrade or patch their installations.

We kindly ask that when you are reporting a security issue, you follow the same guidelines and share the details only with the 龙虎赌博 Security team.

Security issue reporting

Before reporting the issue:
Make sure that the issue you are submitting is not related to server configuration, 3rd party scripts and utilities. In order to avoid any possible issues with server configuration we advise 龙虎赌博 users to read Best practices for secure 龙虎赌博 setup.

in the 龙虎赌博 Security Reports (ZBXSEC) section of the public bug tracker describing the problem (and a proposed solution if possible) in detail. This way, we can ensure that only the 龙虎赌博 security team and the reporter have access to the case.

The following information will be helpful for the 龙虎赌博 Security team:

Date and time when you identified the security defect.
Affected 龙虎赌博 version range.
Type of security issue you are reporting, e.g.: XSS, CSRF, SQLi, RCE.
Affected components, e.g.: Frontend, Server, Agent, API.
Any details you can provide, e.g. screenshots, screen recordings, http(s) transaction logs, POC exploits (please do not share any evidence via unauthenticated file sharing services and avoid sharing sensitive information, as if the 龙虎赌博 Security team decides that this issue does not fit the security defect description it might be moved to the ZBX project and the issue will be visible to all users).
Step-by-step instructions on how to reproduce the issue, as the problem might not be easily identifiable.

Dealing with security issues

The 龙虎赌博 Security team reviews the issue and evaluates its potential impact.
If the security issue is found not to be related to security, then the issue will be moved to?an internal development?project.
The 龙虎赌博 security team works on the issue to provide a solution and keeps all details on the problem until the next version of impacted 龙虎赌博 product is out. If 龙虎赌博 source code and 龙虎赌博 Cloud node is impacted by the same vulnerability, details will be kept internal until both products are updated.

New packages are created and made available for download on? section and 龙虎赌博 Cloud node version is updated as well.
龙虎赌博 requests for the security issue for 龙虎赌博 source code.
Clients with valid support agreements are emailed giving a period of time when it is possible to upgrade before the issue becomes known to the public.
Fixed vulnerabilities or any other security advisories are published to our Security advisory page /security_advisories

The 龙虎赌博 bug bounty program

Developed in partnership with HackerOne, the world's leading platform for ethical hackers, the 龙虎赌博 bug bounty program contributes to the security of the product by allowing hackers to discover potential security vulnerabilities in different 龙虎赌博 components. The program offers up to $3,000 as a reward for discovering and reporting a bug. More information can be found in the .