JFrog Trust Security Incident Management

JFrog’s cyber security incident response team constantly monitors our products, infrastructure operations and security solutions. JFrog’s security team has established a comprehensive strategy and policies to respond to, provide notification of, and remediate security incidents promptly and efficiently.

 

Continuous Monitoring

JFrog’s cyber incident response team (CIRT) continuously monitors our products’ logs, infrastructure operations and systems audit logs in our internal SIEM (Security Information and Event Management) to promptly and efficiently detect potential incidents. As part of this ongoing effort, the CIRT investigates and responds to reports from our bug bounty program, vulnerability disclosure program, automated scanners, customer support portal and security email inbox.


On Call 

To ensure prompt and efficient response time, our SOC (Security Operations Center) is staffed with highly qualified and experienced security experts, who work to fulfill our internal SLA policy. 

 

Access to Data

JFrog’s CIRT has read-only access to JFrog systems, services and infrastructure so that it can properly support any incident. This allows the team to escalate incident responses quickly, enrich relevant incident data, and address and resolve issues promptly.

 

Playbook Response 

JFrog’s CIRT follows clearly defined and detailed methods and playbooks to identify, contain, investigate, report and respond to every type of incident. As a result, it can quickly zero in on each incident, precisely define its scope, identify its root cause, methodically take remediation steps, and fix it promptly.

 

Lessons Learned

Once an incident is resolved and the investigation is completed, we perform a root cause analysis, evaluate how well our cyber security incident response plan worked to resolve the issue, and identify improvements and actions that need to be made.

 

External Incident Response Experts

JFrog’s CIRT works with external incident response experts to assist us with emergency security incidents.

 

Vulnerability Management

As part of our comprehensive vulnerability management process, JFrog’s CIRT:

  • Runs continuous and automated vulnerability scans of all our assets.
  • Prioritizes vulnerability fixes and releases patches quickly.
