You're on the outs. Login!

Version^ Security


Security Patterns

  1. We do not hard code credentials.
  2. We do not manually deploy software into production.
  3. No persistent human access exists to environments in which production workloads run.
Ready to better your code?


Security Philosophy

We keep Version^ secure and safe by investing in platform security. The very purpose of Version^ is to facilitate shifts towards the highest security available in the development languages and frameworks that you (and we) use. We introduce security measures into every phase of development.

First, we store and use secrets securely. We use a purpose-built service to store and manage secret access credentials such as passwords and tokens. This helps reduce the likelihood of those credentials becoming compromised.

Second, we use network layers. These minimize the potential scope of impact of unauthorized network access. Using subnets enhances micro-segmentation. This helps prevent unauthorized users from accessing additional resources.

Third, we have well-defined CI/CD pipelines to streamline the deployment process. We automate testing for security properties throughout the development and release lifecycle. This gives a programmatic way of detecting potential problems early and often. For example, we define security unit tests to check for broken or missing authentication.

Fourth, we use least privilege access as a best practice. Team members have only the permissions necessary to do their job. Machines have the most restricted set of permissions required to do their tasks. Permissions are restricted when no longer needed.