Welcome to Automox's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
Our Automox Security Team embodies over three decades of operational expertise in designing and safeguarding large-scale, multi-tenant cloud and internet applications. In line with our dedication to fostering transparency and security, we mandate that all team members undergo stringent background checks before employment. This proactive approach ensures that our team operates in an environment that is both secure and transparent, reinforcing our commitment to creating a safer world.
As part of our compliance with CISA's Secure By Design Pledge, we are attesting that we long ago eliminated any default passwords in our product, do not allow them, and scan for them on a regular basis.
We are aware of the reported security incident involving SiSense. Automox is not directly impacted at this time. However, we are currently conducting a thorough triage of our vendors and partners to assess any potential third-party impact. We will provide updates as necessary on our security portal https://security.automox.com/.
Recently, the security team here at Automox became aware of the news surrounding a high impact MOVEit vulnerability. Reputable threat intelligence sources have reported that this incident impacts customers of this solution: https://www.securityweek.com/moveit-customers-urged-to-patch-third-critical-vulnerability/.
We want our customers to know that Automox is not impacted by this vulnerability.
We do not leverage this technology/software within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.
After careful review of our infrastructure and SBOM, the Automox team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
On Sept 29th, News broke of a new ProxyLogon 0-day RCE being used to target Microsoft Exchange Servers. Automox is not affected at this time. Automox does not currently use any Microsoft Exchange products in the delivery of our products or services.
If you think you may have discovered a vulnerability, please send us a note.