SafeBase helps B2B SaaS companies close enterprise deals faster by streamlining the security assessment process. We take security seriously and have a dedicated internal security team. Our security team's controls and policies are detailed in this Trust Center. If you have any additional questions or concerns, please email us at security@safebase.io.
We have completed our latest SOC 2 Type 2 audit! The new report is available in our Trust Center.
SafeBase is not affected by the XZ Utils backdoor vulnerability.
Our security team has reviewed all OS versions deployed in our environment and confirmed that none of the impacted operating systems or versions are utilized.
For more details on this vulnerability, please visit https://nvd.nist.gov/vuln/detail/CVE-2024-3094 and https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-backdoor-in-xz-utils.
SafeBase is aware of the recent update that Okta provided customers regarding data leakage with the Customer Support Management System. Based on the information known to us at this time, we have deemed the impact to be minimal for SafeBase and our customers. We had already enabled Admin Session Binding, one of the recommended features suggested by Okta in their notice, as soon as it was made available in our Okta instance. In addition, we use strong, hardware-based MFA and strict session timeouts, and have regular phishing training for all employees.
Our security team has been made aware of the new HTTP/2 Rapid Reset Attack that could potentially cause a denial of service for web servers. Due to proactive mitigations by both Google Cloud and Cloudflare, none of our infrastructure has been affected to our knowledge. In addition, we confirmed that our underlying NGINX servers do not have the HTTP/2 module enabled.
For more details on this vulnerability, please visit https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack.
As a precaution, the security team made the decision to rotate the connection credentials used by our Retool instance despite the Retool team confirming that our instance was not affected. We are confident that with this added step, there should have been no material impact to any SafeBase data from the Retool security incident.
Hi,
As you may be aware, one of our subprocessors, Retool, recently disclosed a security incident that affected a very small number of customers: https://retool.com/blog/mfa-isnt-mfa/. To our knowledge, no SafeBase data was affected. The Retool team has confirmed that our Retool instance was not affected by this incident. We will continue to monitor this situation and will provide updates if we have any going forward.
The SafeBase Security Team
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.