App Security

S/Notify Email Encryption is aimed at maintaining and improving security and confidentiality for you and your products and services. We have taken several measures to make sure that our app meets our high standards and your legitimate expectations.

Proven Cryptography Implementation

We use the proven and well maintained Bouncy Castle cryptography library. We constantly follow and evaluate updates about this library if relevant parts get fixes or improvements.

The cryptography library is provided as an integral part of S/Notify to make sure only the included and tested implementation is used.

Vulnerability Scans

Like any non-trivial application, we make use of provided and included libraries. To make sure that we learn about any new findings of vulnerabilities as soon as possible, we perform daily vulnerabilities scans (OWASP scans) on all our source codes.

Code and App Signing

S/Notify is signed by a JCE (Java Cryptography Extensions) Code Signing Certificate to enable and secure the cryptography functionality. The JCE code signing is checked upon setup of our JCE provider.

S/Notify also includes checksums that are signed by our company code sign certificate. When our app initializes, the checksums, signature and certificate validity are checked. Any modifications would be detected and rejected.

With these measures, it is ensured that S/Notify can only be used and executed exactly as we have built and tested it.

Testing

Last but not least, different levels of testing aim at providing a high quality application that you can rely on:

• Automated unit tests are executed with each build, at least daily

• Automated integration tests (with Jira, Confluence and Bitbucket) are executed daily

• Additional manual tests are executed in release and compatibility tests

• Compatibility tests for each new major or minor Atlassian release of Jira, Confluence or Bitbucket

• Check lists are used and enforced for all critical processes