AdobeStock_490334257

Cribl’s Blueprint for Secure Software Development

July 16, 2024
Written by
Categories: Learn

Cribl is a customer first company. Building high value, secure-by-design software for security and IT teams has been by far the most gratifying experience of my professional career. As a security professional that deeply believes in Cribl’s product and mission, I share the excitement of changing forever how our customers operate and enabling them to protect their organizations; working at Cribl has been my greatest calling.

Security is a Feature Enterprise Customers Demand

It’s not enough to build best-in-class enterprise software; our customers demand security as a feature and a requirement. In 2022, to ensure Cribl’s secure software development life cycle (SDLC) met the requirements of our customers, Cribl invested heavily in building a world-class product security team. By early 2023, Cribl finished implementing the practices outlined in the NIST Secure Software Development Framework (SSDF) v1.1 and had a highly credible third-party security firm audit and attest to Cribl’s successful implementation of these practices. But that was only the beginning.

Cribl has the most security-demanding customers globally, and building secure products is part of Cribl’s engineering identity. We have built a secure software development lifecycle that is both culturally and policy-driven, where product security tooling and processes are integrated into every architecture review, pull request, and software release.

Understanding the NIST SSDF v1.1

The National Institute of Standards and Technology (NIST) SSDF v1.1 provides a robust framework for secure software development. It outlines best practices and guidelines to ensure that security is baked into the development process from the ground up. By adopting these practices, organizations can mitigate risks, reduce vulnerabilities, and enhance the overall security of their software products.

Publishing Our Secure SDLC Whitepaper

Standing on the shoulders of giants, I am proud to announce the publication of Cribl’s secure SDLC whitepaper, detailing the tools and processes we use to build secure software.

Launching Our Bug Bounty and Responsible Disclosure Programs

As part of our ongoing commitment to security, Cribl has partnered with Bugcrowd to launch both a private bug bounty program and a public responsible disclosure program. These initiatives encourage security researchers and ethical hackers to help us identify and resolve vulnerabilities in our software.

Our private bug bounty program invites a select group of trusted researchers to test our software for security flaws. By working closely with these experts, we can crowdsource their endless talents to identify and address vulnerabilities before they can be exploited by malicious actors.

In addition to our private program, we’ve established a public responsible disclosure program. This program invites anyone to report potential security issues discovered in our software. By providing clear guidelines and a streamlined reporting process, we ensure that security researchers can easily and responsibly disclose vulnerabilities to us.

Read the Whitepaper!

We invite you to read Cribl’s secure SDLC whitepaper to learn more about our approach to building secure software and join us in our mission to build a better world for security and IT teams.

Moar Security Team Blog Posts!

A new Cribl blog series, “A Walk Through Cribl’s Security Program,” is being published. It will share insights from members of Cribl’s security teams about our security programs, such as building secure software, securing the corporate domain, and utilizing Cribl Cloud for incident response. Stay tuned for more!


 

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.

.
Blog
Feature Image

Cribl Stream: Up To 47x More Efficient vs OpenTelemetry Collector

Read More
.
Blog
Feature Image

12 Ways We Sleighed Innovation This Year

Read More
.
Blog
Feature Image

Scaling Observability on a Budget with Cribl for State, Local, and Education

Read More
pattern

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

box

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?