We work hard to ensure the security of our products. We follow an SDLC (secure development life cycle) process in our R&D. In general, Piiano works to be SOC 2 compliant and the Vault is PCI DSS ready. The steps we take to ensure product security include penetration tests, automated scans, and internal and external reviews of the code, secure design, and architecture. However, vulnerabilities may still be discovered in Vault or one of its dependencies.
If you discover a vulnerability in Vault, please inform us at firstname.lastname@example.org. We make small awards, at our discretion, for correct and legitimate reports.
We fix vulnerabilities discovered in any dependencies as part of the regular release cycle. All dependencies are updated and checked for vulnerabilities during a release using automated tools. If a critical vulnerability is found, we will issue an urgent update for Vault to fix the vulnerability and inform all users when necessary.