## Supported Versions

We actively support the following versions of SASEWaddle with security updates:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0 | ❌ |
## Reporting a Vulnerability

We take security seriously and appreciate responsible disclosure of security vulnerabilities.

DO NOT create public GitHub issues for security vulnerabilities.

Instead, please report security vulnerabilities via:

- Email: [email protected]
- PGP Key: Available on our website for encrypted communication
- Response Time: We aim to respond within 48 hours

### What to Include

When reporting security vulnerabilities, please include:

- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Any suggested mitigation strategies
- Your contact information for follow-up

### Response Process

- Acknowledgment: We acknowledge receipt within 48 hours
- Assessment: We assess and validate the reported vulnerability
- Fix Development: We develop and test a security fix
- Coordinated Disclosure: We coordinate release timing with the reporter
- Public Disclosure: We release the fix and publish a security advisory
- Recognition: We recognize the reporter (if desired)
## Security Features

SASEWaddle provides the following security features:

### Network Security

- WireGuard VPN with modern cryptography
- Zero Trust Network Architecture principles
- Certificate-based device authentication
- Encrypted tunnel establishment

### Authentication and Authorization

- Multi-factor authentication support
- X.509 certificate validation
- JWT token-based session management
- SAML2 and OAuth2 integration
- Role-based access controls

### Data Protection

- End-to-end encryption for all communications
- TLS 1.3 for API communications
- Secure key storage and management
- Certificate rotation and lifecycle management

### Infrastructure Security

- Container image scanning
- Dependency vulnerability scanning
- Secure deployment configurations
- Network segmentation support

### Monitoring and Auditing

- Comprehensive audit logging
- Real-time security monitoring
- Authentication event tracking
- Failed access attempt detection
## Security Best Practices

### For Administrators

- Regular Updates: Keep all components updated
- Certificate Management: Rotate certificates regularly
- Access Review: Regularly review user access
- Monitoring: Monitor logs for suspicious activity
- Backup: Maintain secure backups of configurations

### For Users

- Strong Authentication: Use strong passwords and MFA
- Client Updates: Keep client applications updated
- Network Security: Use SASEWaddle when connecting over untrusted networks
- Report Issues: Report any suspicious behavior

### For Developers

- Code Review: All code changes undergo security review
- Static Analysis: Regular static code analysis
- Dependency Scanning: Monitor for vulnerable dependencies
- Security Testing: Include security tests in the CI/CD pipeline
## Compliance

SASEWaddle supports compliance with various security frameworks:

- SOC 2 Type II
- ISO 27001
- NIST Cybersecurity Framework
- HIPAA (Healthcare)
- PCI DSS (Payment processing)
- GDPR (Data protection)
## Security Architecture

### Defense in Depth

SASEWaddle implements multiple security layers:

- Network Layer: WireGuard encryption and authentication
- Application Layer: JWT tokens and API authentication
- Transport Layer: TLS for all API communications
- Data Layer: Encrypted storage for sensitive data

### Zero Trust Principles

- Never trust, always verify
- Verify identity and device before access
- Grant least privilege access
- Monitor and log all activities

### Certificate Management

- Automated certificate provisioning
- Certificate lifecycle management
- Certificate revocation support
- Public Key Infrastructure (PKI) integration
## Incident Response

In case of security incidents:

- Detection: Monitor for security events
- Analysis: Assess the scope and impact
- Containment: Limit the spread of the incident
- Eradication: Remove the threat from systems
- Recovery: Restore normal operations
- Lessons Learned: Document and improve processes
## Dependency Management

We regularly audit and update third-party dependencies:

- Automated vulnerability scanning
- Regular dependency updates
- Security advisory monitoring
- License compliance verification

## Third-Party Integrations

Security considerations for third-party integrations:

- Identity Provider (IdP) integrations
- Monitoring and logging systems
- Certificate Authority (CA) integrations
- Cloud provider security features
## Contact

For security-related questions or concerns:

- Email: [email protected]
- Website: https://sasewaddle.com/security
- Documentation: https://docs.sasewaddle.com/security