At WSO2, we prioritize the security and resilience of our products and services. We adhere to industry best practices and maintain a transparent security program to continuously improve our offerings.
Report a Vulnerability
WSO2 is certified to the globally recognized ISO/IEC 27001:2013 standard for Information Security. This standard specifies how to implement, monitor, maintain, and continually improve an Information Security Management System (ISMS) to ensure that your data is shielded from unauthorized access, maintaining its integrity and availability.
WSO2 has successfully obtained the SOC 2® Type 1 Report for its Public and Private Cloud services. The SSAE18 SOC 2® Type 1 examination provides you with a detailed assessment of our system controls. Focusing on the key aspects of security, confidentiality, and availability of customer data, this report assures you that your information is protected at all times.
Examine how we manage vulnerabilities related to our products and services.
Discover security best practices followed by our engineering team for WSO2 products and services.
Discover how we reward contributors who responsibly disclose vulnerabilities and contribute to our products and services through our Hall of Fame.
Learn how we prioritize security throughout the Software Development Life Cycle.
Follow our security guidelines for secure configuration of WSO2 products in production settings.
View our security advisories for information on vulnerabilities affecting our products and services.
Find justifications for CVEs associated with our products that do not require fixes.
Get clarifications on security incidents that are relevant to WSO2 and our customers.
We secure all WSO2 cloud deployments by following industry-standard processes.
Data is managed using WSO2 containers and Kubernetes clusters, which provide scalability, resilience, and security. Find out more here.
This is a detailed list of all subprocessors used by WSO2, including their name, location, and purpose. This information is updated frequently to ensure compliance with data protection regulations and can be found here.
WSO2 uses a range of security controls and design patterns to protect against a variety of threats, including internal attacks, software supply chain attacks, service and platform attacks, and more. Find out more regarding this here.
