From 739fb609296bef61a3ad640c476d840272f60186 Mon Sep 17 00:00:00 2001 From: Jim Burger Date: Thu, 11 Apr 2024 13:08:45 +1000 Subject: [PATCH 1/2] Corrected some out of date information regarding accessing pen. test reports. Corrected some out of date information regarding accessing pen. test reports, including links to our trust centre and additional context regarding our certifications. --- src/pages/docs/security/index.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/pages/docs/security/index.md b/src/pages/docs/security/index.md index 3c0ac6ccaf..317048e3d5 100644 --- a/src/pages/docs/security/index.md +++ b/src/pages/docs/security/index.md @@ -13,10 +13,11 @@ We pride ourselves on making Octopus Deploy a secure product. The security and i This section provides information about the responsibility we take to provide a secure software product, and considerations for you as the host and administrator of your Octopus Deploy installation. -Every year Octopus undergoes a security review conducted by a third-party company. The latest reports can be downloaded: -- [cloud-security-review-2022.pdf](https://octopus.com/documents/cloud-security-review-executive-report-2022.pdf) -- [octopus-security-review-2022.pdf](https://octopus.com/documents/octopus-security-review-executive-report-2022.pdf) +## Our Certifications +Octopus Deploy is compliant with cybersecurity standards such as ISO27001 & SOC II. Every year Octopus undergoes a security review conducted by a third-party company. We also run several public bug bounty programs to encourage the security community to help us keep our customers safer. We are an active member of MITRE through its CVE program as a CNA, meaning that we're responsible for disclosing any vulnerabilities in our product to allow customers security teams to make informed decisions. + +A comprehensive overview of our security controls is available in our [Trust Centre](https://trust.octopus.com) where it is possible to request access to our certifications and penetration test reports, as well as other supporting documents and policies. We often hear from customers who want to know more about our security posture. We've performed a [self assessment against various industry-standard controls](/docs/security/caiq). Feel free to use this in any vendor assessments you need to perform. From 0ab41d2e258cf0c035ee459d4907af1915bbfd72 Mon Sep 17 00:00:00 2001 From: Steve Fenton <99181436+steve-fenton-octopus@users.noreply.github.com> Date: Tue, 16 Apr 2024 11:34:36 +0100 Subject: [PATCH 2/2] Update index.md --- src/pages/docs/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pages/docs/security/index.md b/src/pages/docs/security/index.md index 317048e3d5..495893223a 100644 --- a/src/pages/docs/security/index.md +++ b/src/pages/docs/security/index.md @@ -1,7 +1,7 @@ --- layout: src/layouts/Default.astro pubDate: 2023-01-01 -modDate: 2023-01-01 +modDate: 2024-04-16 title: Security navTitle: Overview navSection: Security