Security

swyMe software does not employ third parties to perform vulnerability scans of our code, but security is an integrated part of our design and development process. Our software is developed using agile methodology, so bi-weekly “sprints” respond to new issues as they emerge. Our application is compiled rather than interpreted, and it is insulated, even from the operating system it runs on, by a secure channel for communication, making it extremely unlikely to be compromised.

As various high-profile threats have emerged recently, including Heartbleed and Shellshock, our systems have not required updates to close security gaps. This is not evidence that we are impervious to attack, but that we take security very seriously rather than adding it as an afterthought.

We are more immune to attack than many vendors because we do not use open software (e.g. OpenSSL) to build our security, so we are not a big enough target for someone to be interested in attacking us. Also, since our source code is not freely available on the internet, it is more difficult for a hacker to identify vulnerabilities. And because we do not interact with the hosting operating system, as IIS or Apache do, we do not allow the execution of shell commands by an intruder.

We encrypt every stream with AES-256, so it is virtually impossible to decrypt (though realistically some day someone will, as they did for its predecessor, which is why we continually do R&D to stay one step ahead).

An attack on our server today can at worst create a DoS (Denial of Service), as any hardware has limited resources. This does not mean a lack of security, as confidential data are not stolen; it just means the communication channel going into the server can be overloaded. Because we host with top-tier, professional hosting organizations that have mechanisms in place to repel such attacks, even this risk is mitigated.
