Our commitment to security: Hacktron achieves SOC 2 Type 1 compliance

January 13, 2026
Note

View our SOC 2 Type 1 report and documentation of relevant controls on our trust center.

We’re excited to announce that Hacktron has successfully achieved compliance with the SOC 2 framework, marking a significant milestone in our commitment to data security and regulatory compliance.

Because we build security software, we hold ourselves to the same standards we expect from every vendor we trust. Hacktron is built on dogfooding: we run our own product continuously across our entire software development lifecycle to surface vulnerabilities early and often. SOC 2 compliance is external validation of that discipline, and a signal to customers that our security posture, processes, and platform are designed to earn trust in real production environments.

What is SOC 2 Type 1?

SOC 2 is a well-known security standard for companies that handle customer data. It checks whether a company protects information properly and follows clear, trusted rules.

Hacktron has achieved this based on the Security trust services criteria, which require us to commit to, among other things:

  • System features and configuration settings designed to authorize user access while restricting unauthorized users from accessing information not needed for their role.
  • Use of intrusion detection systems to prevent and identify potential security attacks from users outside the boundaries of the system.
  • Regular vulnerability scans over the system and network, and penetration tests over the production environment.
  • Operational procedures for managing security incidents and breaches, including notification procedures.
  • Use of encryption technologies to protect customer data both at rest and in transit.
  • Use of data retention and data disposal.

How Hacktron secures Hacktron

We use our own products to test for vulnerabilities throughout our software development lifecycle: the platform for continuous scanning in the CI/CD pipeline, and the CLI for internal penetration testing every quarter. From the report:

Hacktron uses GitHub Secret Protection and GitHub Code Security from GitHub Advanced Security to perform automated secret detection and vulnerability scans. Additionally, Hacktron builds AI agents for the purposes of vulnerability detection, and performs quarterly vulnerability scans using our own agents.

What this means for our customers

By undergoing a comprehensive audit conducted by a reputable third-party firm, we have demonstrated our ability to effectively manage security risks and protect customer data. This allows us to work better with customers who require SOC 2 compliance, or are otherwise interested in our security posture.

We extend our sincere appreciation to Insight Assurance for their thorough evaluation and validation of our compliance efforts, and Vanta for their platform and support. Insight Assurance’s expertise and impartial assessment have been instrumental in verifying our adherence to the SOC 2 Type 1 framework.

As we continue to prioritize data security and regulatory compliance, we remain steadfast in our commitment to upholding the highest standards of excellence in all aspects of our operations.

Thank you to our valued partners and stakeholders for their support as we continue on our journey towards greater security and compliance.