Versasec Secure by Design

Earlier this year, Versasec joined the U.S. Cybersecurity & Infrastructure Security Agency (CISA) by signing the Secure by Design Pledge — a voluntary commitment to specific security goals.

Goal | Status
Drive adoption of multi-factor authentication | Completed
Reduce use of default passwords | Completed
Reduce common classes of vulnerabilities | On track
Drive improved customer patching hygiene | On track
Publish a vulnerability disclosure policy | Completed
Provide transparency on vulnerabilities | Completed
Deliver improved logging and monitoring for customers | On track

Secure by Design Goals

Multi-Factor Authentication (MFA): At Versasec, MFA is our core focus and passion. Our products and company vision are centered around making the most secure MFA methods available to all organizations, regardless of size and industry. In addition to enabling our customers to deploy and leverage the most secure forms of MFA, certificate-based authentication (CBA) and FIDO2, our solutions themselves use phishing-resistant authentication for all accounts.

Default Passwords: Default passwords in software and hardware are easily discovered by bad actors, leading to widespread unauthorized access. For this reason, our solutions and offerings do not include any form of password authentication. All administrative and user authentications are performed using phishing-resistant MFA.

Reducing Entire Classes of Vulnerability: Our approach to designing secure software begins with our safe coding practices, which include code reviews, secure development environments, workshops, and tools. Versasec’s designers and engineers build solutions with a security-first mindset to reduce entire classes of vulnerabilities, including cross-site scripting (XSS), SQL injection, memory safety issues, and insecure use of cryptography.

Security Patches: Vendors should strive to minimize the burden on their customers by making software updates as easy to apply as possible. Versasec prioritizes this approach and focuses on the adoption of our updates, emphasizing quick delivery of fixes and simple upgrades in customer deployments and Versasec cloud to reduce the window of opportunity for bad actors to exploit flaws. By continuously releasing new major versions each quarter, and service packs as needed, we ensure that we stay ahead of any potential security issue. We are also working to deliver an automated client upgrade framework that will enable our customers’ help desk staff to keep their Versasec client applications up to date.

Vulnerability Disclosure: Industry collaboration is key to finding and reporting bugs and vulnerabilities. Versasec has been a long-time proponent of transparency. In line with this, we take proactive measures to find issues and welcome the help of the security industry for external reports. Our Vulnerability Disclosure Policy has connected us with security researchers who have helped us secure our products.

Common Vulnerabilities and Exposures (CVEs): CVEs help identify fixes that have not been applied by a customer or user. Versasec has implemented a CVE program for our products that require action to update.

Evidence of Intrusions: Just as with physical security issues, people deserve to be informed about possible intrusions without being overloaded with irrelevant information. We do this by providing warnings about the security of customers’ Versasec products, potential security issues in customer deployments, and security alerts in components and integrations with third parties. All actions taken in our products by administrators and helpdesk staff are kept in an audit log. We are also in the process of implementing auditable configuration changes. Our products can be integrated with SIEM systems for monitoring and alerting on potential security issues.

Conclusion

Since the beginning of Versasec, we have been dedicated to incorporating security by design. This is not a one-off project for us; it is a mindset. We continue to raise the bar for delivering secure solutions that enable our customers to strengthen their security posture in the areas of MFA, signing, and encryption. We will keep sharing information about how we work to deliver on the promises made in the CISA pledge.
