Security Programs at Sitecore

We incorporate security into our products and best practices into everything we do

Some of the steps we have taken to ensure your data’s protection include:

  • Security Governance - Sitecore has implemented a three-line defense model for security operations, governance, and assurance. This is supported by strong management and Board oversight.

  • Security Operations - Sitecore has made significant investments to implement a security operations center in order to maintain state-of-the-art technical controls and a comprehensive and robust approach across platform, processes, and people. This includes 24x7 security monitoring, vulnerability management, and external penetration testing. This allows us to adjust our security posture and protect customer data across our services.

  • Secure Development - Sitecore has implemented a secure software development program, which aligns with Microsoft’s Security Development Lifecycle Framework, and includes developer training, secure design, threat modeling, secure coding, static analysis, dynamic analysis, and penetration testing.

  • Responsible Disclosure - Sitecore is committed to working with security researchers who responsibly report vulnerabilities in its software products.

  • Security Compliance Programs - Sitecore has implemented robust information security practices to comply with industry-leading standards.

  • Bug Bounty Program - If you discover a security bug or vulnerability on a Sitecore website, please report it by sending an email to securityvulnerability@sitecore.com. Sitecore partners with HackerOne, and depending on the scope and criticality of the issue, it may be eligible for a reward.

For more information, please visit the Sitecore Trust Center FAQ.