After last week's abundant press coverage for the Log4shell vulnerability, we'd like to reassure our customers.
We don't use log4j in MatrixALM/QMS.
Furthermore we ensure all our servers use the latest version of the Java runtime, which would also have mitigated the threat.
We take security very seriously, that is why we have the following measures in place:
- We are ISO27001 certified (we actually have the re-certification in 2 days)
- We have a bug bounty program
- We have regular consultations with security companies to go over our operations
Over the last 12 months we also implemented a way to replicate all our customers' data to secondary servers. This means that if we lose our primary servers, our customers can still access their data through the replication (in read only mode).
Don't hesitate to contact us if you need more details about our operations and security.