Our users place a high level of trust in Inkit to manage mission critical infrastructure. The security of customer data, of our products, and our services are a top priority. Inkit's best-in-class security starts at the foundational level and includes internal threat models, routine internal and external security assessments, and secure software development.
Inkit has a team of security professionals dedicated to securing, protecting and hardening the security of the company and its products. Our security pillars hinge on monitoring, risk analysis, and mitigation through:
- Detection & Response
- Governance, Risk and Compliance (GRC)
- Cloud Security Hardening
- Product Security Hardening
We have a team dedicated to our compliance program and are committed to providing our customers with all relevant security documentation to build a foundation of trust in our company and products. We are in the final stages of our SOC 2 certification.
Our Data Processing Addendum
If you have any additional questions around our security program, please email [email protected]
Inkit hires reputable external, third parties to perform regular security assessment and penetration testing of our products. Please email [email protected] for those reports.
Inkit publishes security updates, which address security vulnerabilities and enhancements.
This is directly accessible at https://docs.inkit.com/changelog
Please consider subscribing to email notifications or RSS for all security updates.
We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. We do have a bug bounty program and invite participation.
If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Inkit systems, please email [email protected].
To support a timely and effective response to your report, please include any of the following:
- Steps to reproduce or proof-of-concept
- Any relevant tools, including versions used
- Tool output
Inkit takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.
Security issues that we have already assessed for risk and will address include:
- HTTPS configuration, including supported TLS versions
- HTTP headers, for purposes including Strict Transport Security, Content Security Policy, and clickjacking/XSS protection
- DNS records including those related to email (SPF, DKIM, DMARC) and certificate issuance (CAA).
Updated 3 months ago