Security and Compliance
At WSO2, we prioritize the security and resilience of our products and services. We adhere to industry best practices and maintain a transparent security program to continuously improve our offerings.
Report a VulnerabilityRead Security Docs
Report Abuse
Security Attestations
ISO/IEC 27001:2013
WSO2 is certified to the globally recognized ISO/IEC 27001:2013 standard for Information Security. This standard specifies how to implement, monitor, maintain, and continually improve an Information Security Management System (ISMS) to ensure that your data is shielded from unauthorized access, maintaining its integrity and availability.
System & Organization Controls (SOC)
WSO2 has successfully obtained the SOC 2® Type 2 Report for its Public and Private Cloud services. The SSAE18 SOC 2® Type 2 examination provides you with a detailed assessment of our system controls. Focusing on the key aspects of security, confidentiality, and availability of customer data, this report assures you that your information is protected at all times.
Security Programs
Vulnerability Management Process
Examine how we manage vulnerabilities related to our products and services.
Learn More
Secure Engineering
Guidelines
Discover security best practices followed by our engineering team for WSO2 products and services.
Learn More
Responsible Disclosure Program
Discover how we reward contributors who responsibly disclose vulnerabilities and contribute to our products and services through our Hall of Fame.
Learn More
WSO2 Product Security
Secure Software Development Process
Learn how we prioritize security throughout the Software Development Life Cycle.
Security Guidelines for Production Deployment
Follow our security guidelines for secure configuration of WSO2 products in production settings.
Security Announcements
Security Advisories
View our security advisories for information on vulnerabilities affecting our products and services.
CVE Justifications
Find justifications for CVEs associated with our products that do not require fixes.
Incident Clarifications
Get clarifications on security incidents that are relevant to WSO2 and our customers.
WSO2 Cloud Security
We secure all WSO2 cloud deployments by following industry-standard processes.
FAQs
Data is managed using WSO2 containers and Kubernetes clusters, which provide scalability, resilience, and security. Find out more here.
This is a detailed list of all subprocessors used by WSO2, including their name, location, and purpose. This information is updated frequently to ensure compliance with data protection regulations and can be found here.
WSO2 uses a range of security controls and design patterns to protect against a variety of threats, including internal attacks, software supply chain attacks, service and platform attacks, and more. Find out more regarding this here.
At WSO2, we value our users and the broader internet community. We are committed to maintaining the security and privacy of the content published using our platform. If you encounter any malicious, unauthorized, or abusive content, please report it here.
We are committed to promptly communicating security-related notifications and updates that may impact our users. Our Security Notification Policy outlines how we notify relevant stakeholders about security events in accordance with industry best practices. For detailed information, please refer to our full policy document here.