Camunda Security
At Camunda, we’re committed to Information Security, Privacy and Compliance.
Our mission is to establish trust through transparency.
We encourage all of Camunda’s prospective and existing customers to begin their due diligence with the Camunda Trust Center. If you still have questions that these resources cannot answer, please contact our security team.
For existing customers, we recommend reaching out to your Account team at Camunda. For prospective customers already engaged in discussions with Camunda sales, we recommend contacting your Account Executive.
Security issues and vulnerabilities can be reported via the Camunda JIRA issue tracker.
Please follow these steps:
- Create an account on the Camunda JIRA issue tracker
- Navigate to the issue creation screen
- Create a JIRA ticket in the Security (SEC) project of type Security Report. The issue will only be accessible by Camunda staff and you, the reporter.
- Please provide as many details as are known to you.
Once reported, Camunda staff will get back to you and treat your report according to our Security Issue Process.
Vulnerabilities discovered by our enterprise customers are treated as bugs and the agreed SLAs apply.
Qualification
Once reported, Camunda proceeds to assess a vulnerability. This includes root cause analysis, as well as understanding the risk and impact of the problem. This assessment is made in close collaboration with the reporter.
Remediation
Camunda creates a remediation plan to resolve security issues that are identified. Fixes are made available in the form of patch releases (enterprise customers only) and alpha/minor releases (community platform users).
Announcement
Once a fix release or a practicable workaround is available, Camunda informs its users on the Camunda 7 Security Notices page or Camunda 8 Security Notices page.
For more details about Camunda’s Information Security, Privacy and Compliance practices, visit the Camunda Trust Center.