We take security seriously at Vectice. This page outlines our approach to keeping your deployments secure.
Frequent Kubernetes Updates: We leverage a Kubernetes managed service to ensure our Kubernetes environment receives monthly updates. These updates include critical security patches and improvements to the underlying platform.
Lightweight, Community-Maintained Docker Images: Our software uses minimal Docker images, reducing attack surface and potential vulnerabilities. The open-source community actively maintains these images, benefiting from continuous security improvements.
Regular Package Updates: We release security patches and functionality updates for our core software components every two weeks.
Vectice follows CVSS 3.1 vulnerability assessment and commits to vulnerability resolution with the SLA below:
CVSS 3.1, or the Common Vulnerability Scoring System version 3.1, is a standardized framework used to rate the severity of security vulnerabilities in software. It provides a numerical score reflecting a vulnerability's potential impact and exploitability, helping organizations prioritize their remediation efforts effectively.
For more information:
Vulnerability
Resolution target time
Mechanism
Critical
<< 14 days
Patch or regular release
High
<< 14 days
Patch or regular release
Medium
<< 1 month
Regular release
Low
<< 2 months
Regular release