Welcome to the OpenContext Security Portal. As a provider of tools that materially improve the security context for our customers, our priority is to maintain safe and secure products that our customers can trust.
OpenContext is continually investing in our overall information security program, resources, and expertise.
As a service provider, we understand the importance of providing clear information about our security practices, tools, resources, and responsibilities within OpenContext so that our customers can feel confident in choosing us as a trusted service provider.
Documents
We may provide security-related reports upon request.
We are currently working with experts to put together our company policies. Please contact us for more details.
After a careful review of our codebase, infrastructure, and context manifests, the OpenContext team has determined that we are not currently vulnerable to the OpenSSL 3 vulnerabilities CVE-2022-3602 and CVE-2022-3786 that were disclosed on November 1, 2022.
Additional response from Google - https://cloud.google.com/openssl-security-advisory
As an additional reminder, our Subscribe feature is available as a means to send updates such as these to customers. You can Subscribe to OpenContext security updates yourself at the top of this Security Portal. Please feel free to reach out to us at security@opencontext.com if you have any questions or concerns.
Security Update - Log4j
As you may have seen in recent news, a recent major security vulnerability was discovered with the popular logging utility Log4j.
After reviewing our software context manifests, architecture, logs, communicating with our vendors, and reading all the information that is publicly available as of January 2022, we have no reason to believe that any OpenContext internal or customer data has been affected at this point in time. Should this change, we will communicate this to you as soon as we are able to.
As it stands, none of our code is written in Java, nor do we use any impacted tooling throughout our entire tech stack.
As an additional reminder, our Subscribe feature is available as a means to send updates such as these to customers. You can Subscribe to OpenContext security updates yourself at the top of this Security Portal.
Please feel free to reach out to us at security@opencontext.com if you have any questions or concerns.
If you think you may have discovered a vulnerability, please send us a note.