Security and Compliance

At WSO2, we prioritize the security and resilience of our products and services. We adhere to industry best practices and maintain a transparent security program to continuously improve our offerings.


Security Attestations


ISO/IEC 27001:2013


WSO2 is certified to the globally recognized ISO/IEC 27001:2013 standard for Information Security. This standard specifies how to implement, monitor, maintain, and continually improve an Information Security Management System (ISMS) to ensure that your data is shielded from unauthorized access, maintaining its integrity and availability.

SOC 2

System & Organization Controls (SOC)

WSO2 has successfully obtained the SOC 2® Type 1 Report for its Public and Private Cloud services. The SSAE18 SOC 2® Type 1 examination provides you with a detailed assessment of our system controls. Focusing on the key aspects of security, confidentiality, and availability of customer data, this report assures you that your information is protected at all times.

Security Programs


Vulnerability Management Process


Examine how we manage vulnerabilities related to our products and services.



Secure Engineering Guidelines


Discover security best practices followed by our engineering team for WSO2 products and services.



Responsible Disclosure Program


Discover how we reward contributors who responsibly disclose vulnerabilities and contribute to our products and services through our Hall of Fame.




WSO2 Product Security


Secure Software Development Process


Learn how we prioritize security throughout the Software Development Life Cycle.




Security Guidelines for Production Deployment


Follow our security guidelines for secure configuration of WSO2 products in production settings.





Security Announcements

Security Advisories

View our security advisories for information on vulnerabilities affecting our products and services.


CVE Justifications

Find justifications for CVEs associated with our products that do not require fixes.


Incident Clarifications

Get clarifications on security incidents that are relevant to WSO2 and our customers.



WSO2 Cloud Security

We secure all WSO2 cloud deployments by following industry-standard processes.



FAQs

Data is managed using WSO2 containers and Kubernetes clusters, which provide scalability, resilience, and security. Find out more here.

This is a detailed list of all subprocessors used by WSO2, including their name, location, and purpose. This information is updated frequently to ensure compliance with data protection regulations and can be found here.

WSO2 uses a range of security controls and design patterns to protect against a variety of threats, including internal attacks, software supply chain attacks, service and platform attacks, and more. Find out more regarding this here.