HiSoftware: Security Practices

Company Profile

OVERVIEW

FACTS AT A GLANCE

EXECUTIVE LEADERSHIP

ADVISOR PROFILES

OUR HISTORY

CUSTOMER LIST

HISOFTWARE BLOGS

Related Links:

NEWS & EVENTS

CAREERS

INFORMATION REQUEST

DIRECTIONS

HiSoftware Security Practices

HiSoftware uses industry leading security engineering practices and processes in building its products. That work is manifest in products that are trusted throughout the world to test, remediate and monitor Web site content and applications. This document provides an overview of the security engineering practices at HiSoftware. Experience Matters HiSoftware has been a leading developer of user driven interactive desktop solutions and back-end automated server side application software for over 8 years. During that time, our products have undergone intense scrutiny from all types of security experts - both within and outside of HiSoftware.

These products, and our engineering processes, have withstood the most difficult security test: the real-world test of time. AccVerify is one of the most broadly utilized Web quality and accessibility testing software solutions in the world. TagGen Office and Hi-Caption have broad industry recognition as leading metadata and captioning solutions. AccMonitor Compliance Server is a widely accepted back-end monitoring solutions for Web Content Quality monitoring.

HiSoftware has maintained a strong, consistent record of providing trusted products. HiSoftware's products empower quality assurance teams, content developers, Web site architects, and company executives to work collaboratively on their efforts to create and manage corporate Web standards for Accessibility, Privacy, Searchability, Usability and custom guidelines and policies. HiSoftware's integrated, full-lifecycle solutions dramatically reduce the time required to test, manage and deploy e-business Web sites.

HiSoftware works closely with industry leaders and visionaries to provide solutions for today's information accessibility, content quality, search and retrieval needs. HiSoftware's customers represent Fortune 500 companies, and many of the largest e-commerce, government, and educational sites in North America and around the world. Our Philosophy When it comes to security, HiSoftware is practical and grounded by our own experience, and that of our industry peers. We apply industry best practices when making decisions about security - this includes techniques used in engineering and QA, as well as the way that we've implemented our organization and our processes. Where appropriate government and industry standards exist, we use them to inform our decision. Although HiSoftware believes that security is a shared responsibility between ourselves and our users, we know that we must carry the greater part of that responsibility. We work hard on security, so that our users can focus on providing rich, user-friendly experiences. Our Internal Team HiSoftware's team has industry leading experience and training in building secure applications. At HiSoftware, our goal is to ensure that potential problems are eliminated before they get to customers.

You can contact our internal team directly about potential security issues by sending mail to support@hisoftware.com

Development Quality Assurance HiSoftware utilizes a system of overlapping checks throughout the development process to ensure our security obligations are being met at every stage. Our team is dedicated to providing customers with a secure product. HiSoftware's engineers consider potential threats when designing and implementing products. Quality Assurance (QA) uses those threats to test the products for security flaws. The teams also participate in periodic secure development training to make sure that their skills stay sharp. In addition, the product team regularly participates in external product security reviews to extend and verify the effectiveness of our internal work on security. Incident Response Process Occasionally a product ships with a bug that may expose our users to undesirable security risk.

To help identify those situations and provide 3rd-parties with an easy way to communicate their concern, the product security team provides a number of mechanisms for alerting users about potential security issues. The HiSoftware website is the most common source for communicating about post-release security events. It provides a web form that is monitored by the Product Security Team and can be used to tell us directly about an issue. We may also become aware of vulnerabilities through our customer support, technical support, sales organizations, or through industry contacts.

When HiSoftware becomes aware of a potential security issue, we are quick to respond. The Team coordinates an appropriate remediation, which often includes a patch or simple work around. We tightly control information about the issue until we are able to notify all potential stakeholders simultaneously. Once a remediation is available, we then notify our customers, users, and anyone else who wants to know about the potential security vulnerability. A history of all recent security patches is available on the HiSoftware Web site. Communication We are constantly trying to improve our communication about security and make sure that it meets the needs of our customers.

More information about security and HiSoftware's products is available on our website, at http://www.hisoftware.com.