App Security
S/Notify Email Encryption is aimed at maintaining and improving security and confidentiality for you and your products and services. We have taken several measures to make sure that our app meets our high standards and your legitimate expectations.
Proven Cryptography Implementation
We use the proven and well-maintained Bouncy Castle cryptography library. We continuously follow updates to this library and evaluate them whenever relevant parts receive fixes or improvements.
The cryptography library is provided as an integral part of S/Notify to make sure only the included and tested implementation is used.
Vulnerability Scans
Like any non-trivial application, S/Notify makes use of provided and included libraries. To make sure that we learn about any newly found vulnerabilities as soon as possible, we perform daily vulnerability scans (OWASP scans) on all our source code.
Code and App Signing
S/Notify is signed with a JCE (Java Cryptography Extension) Code Signing Certificate to enable and secure the cryptography functionality. The JCE code signature is checked when our JCE provider is set up.
S/Notify also includes checksums that are signed with our company code signing certificate. When our app initializes, the checksums, the signature and the certificate validity are checked. Any modifications would be detected and rejected.
These measures ensure that S/Notify can only be used and executed exactly as we have built and tested it.
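The general pattern behind a signed-checksum check at startup, as an added Java sketch that is not S/Notify's own code: verify the signature over the checksum list first, then compare every file against it. The manifest format, the class and method names and the throwaway RSA key pair standing in for a code signing certificate are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SignedChecksumCheck {
    static String sha256(byte[] data) throws GeneralSecurityException {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
    }

    // Assumed manifest format: one "name=hexdigest" line per file, sorted by name.
    static String buildManifest(Map<String, byte[]> files) throws GeneralSecurityException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, byte[]> e : new TreeMap<>(files).entrySet())
            sb.append(e.getKey()).append('=').append(sha256(e.getValue())).append('\n');
        return sb.toString();
    }

    // With a real certificate, X509Certificate.checkValidity() and chain
    // validation would run before the key is trusted; omitted in this sketch.
    static boolean verify(Map<String, byte[]> files, String manifest, byte[] sig, PublicKey key)
            throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(manifest.getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) return false;             // the checksum list itself was altered
        return manifest.equals(buildManifest(files)); // a file was changed, added or removed
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data and a throwaway key pair.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Map<String, byte[]> files = new HashMap<>();
        files.put("app/Mailer.class", "constructed class bytes".getBytes(StandardCharsets.UTF_8));
        files.put("app/config.xml", "<config/>".getBytes(StandardCharsets.UTF_8));

        String manifest = buildManifest(files);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(manifest.getBytes(StandardCharsets.UTF_8));
        byte[] sig = s.sign();

        System.out.println("as built:         " + verify(files, manifest, sig, kp.getPublic()));
        files.put("app/config.xml", "<config debug='1'/>".getBytes(StandardCharsets.UTF_8));
        System.out.println("file modified:    " + verify(files, manifest, sig, kp.getPublic()));
        // Re-computing the checksums after tampering does not help without the private key.
        System.out.println("manifest redone:  " + verify(files, buildManifest(files), sig, kp.getPublic()));
    }
}
```

Checking the signature before the checksums matters: checksums that are not themselves authenticated can simply be recomputed by whoever modified the files.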
Testing
Last but not least, different levels of testing aim at providing a high quality application that you can rely on:
Automated unit tests are executed with each build, at least daily
Automated integration tests (with Jira, Confluence and Bitbucket) are executed daily
Additional manual tests are executed in release and compatibility tests
Compatibility tests for each new major or minor Atlassian release of Jira, Confluence or Bitbucket
Checklists are used and enforced for all critical processes