Cribl is a customer first company. Building high value, secure-by-design software for security and IT teams has been by far the most gratifying experience of my professional career. As a security professional that deeply believes in Cribl’s product and mission, I share the excitement of changing forever how our customers operate and enabling them to protect their organizations; working at Cribl has been my greatest calling.

Security is a Feature Enterprise Customers Demand

It’s not enough to build best-in-class enterprise software; our customers demand security as a feature and a requirement. In 2022, to ensure Cribl’s secure software development life cycle (SDLC) met the requirements of our customers, Cribl invested heavily in building a world-class product security team. By early 2023, Cribl finished implementing the practices outlined in the NIST Secure Software Development Framework (SSDF) v1.1 and had a highly credible third-party security firm audit and attest to Cribl’s successful implementation of these practices. But that was only the beginning.

Cribl has the most security-demanding customers globally, and building secure products is part of Cribl’s engineering identity. We have built a secure software development lifecycle that is both culturally and policy-driven, where product security tooling and processes are integrated into every architecture review, pull request, and software release.

Understanding the NIST SSDF v1.1

The National Institute of Standards and Technology (NIST) SSDF v1.1 provides a robust framework for secure software development. It outlines best practices and guidelines to ensure that security is baked into the development process from the ground up. By adopting these practices, organizations can mitigate risks, reduce vulnerabilities, and enhance the overall security of their software products.

Publishing Our Secure SDLC Whitepaper

Standing on the shoulders of giants, I am proud to announce the publication of Cribl’s secure SDLC whitepaper, detailing the tools and processes we use to build secure software.

Launching Our Bug Bounty and Responsible Disclosure Programs

As part of our ongoing commitment to security, Cribl has partnered with Bugcrowd to launch both a private bug bounty program and a public responsible disclosure program. These initiatives encourage security researchers and ethical hackers to help us identify and resolve vulnerabilities in our software.

Our private bug bounty program invites a select group of trusted researchers to test our software for security flaws. By working closely with these experts, we can crowdsource their endless talents to identify and address vulnerabilities before they can be exploited by malicious actors.

In addition to our private program, we’ve established a public responsible disclosure program. This program invites anyone to report potential security issues discovered in our software. By providing clear guidelines and a streamlined reporting process, we ensure that security researchers can easily and responsibly disclose vulnerabilities to us.

Read the Whitepaper!

We invite you to read Cribl’s secure SDLC whitepaper to learn more about our approach to building secure software and join us in our mission to build a better world for security and IT teams.

Moar Security Team Blog Posts!

A new Cribl blog series, “A Walk Through Cribl’s Security Program,” is being published. It will share insights from members of Cribl’s security teams about our security programs, such as building secure software, securing the corporate domain, and utilizing Cribl Cloud for incident response. Stay tuned for more!

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.