Hello,
Thank you for reaching out to Hexnode Connect. We understand why your cybersecurity team is keeping a close eye on supply chain risks.
Regarding the NPM package vulnerabilities, I want to clarify how Hexnode ensures continuous protection against these types of threats. Hexnode employs a strict Defense-in-Depth strategy to ensure that vulnerabilities do not impact our platform or our users.
Here is how we keep the platform safe:
- Automated Code Scanning: We utilize advanced, automated scanning systems that continuously evaluate every piece of code in our environment. If a malicious, vulnerable, or breached package is detected during this process, it is automatically flagged and blocked before it ever touches our live site.
- Certified Security Standards: Security is foundational to our operations. Hexnode is proudly SOC 2 Type 2 and ISO 27001 certified. This means our overall security posture, including our strict patching habits and vulnerability management, is rigorously audited by independent outside experts every single year. You can read more about our ongoing commitments here: Security and Compliance | Hexnode
I hope this helps with your case. Let me know if you need anything else.
Best regards,
George
Hexnode UEM