Trust Center


The Appfire Trust Center connects you to the latest information on the security, privacy, and compliance of our uniquely positioned products and services, to give you the comfort and trust you need when buying and using any Appfire app.

Appfire is certified under ISO 27001 and ISO 27017, and we have also completed our SOC 2 audits.

Requesting full access will give you access to NDA protected content. Subscribing will provide you with notifications of future updates.

Documents

Featured Documents

Reports: Pentest Report

Trust Center Updates

Appfire announces its "Atlassian Host Platform Compatibility Policy"

Compliance

Hi all,

Appfire is announcing its "Atlassian Host Platform Compatibility Policy" defining the range of Atlassian Host Platform versions that our Data Center apps will support.

Please see the document in Appfire's trust center by navigating to the Policies Card, and then to "Atlassian Host Platform Compatibility Policy".

Appfire Legal & Infosec Team


Appfire security advisory on Snowflake Breach - Account Compromise

Incidents

Background

Snowflake is a database vendor used by Appfire for data insights and analytics. It is not used by any of our marketplace applications. Snowflake has an ongoing investigation involving a targeted threat campaign against some Snowflake customer accounts. The initial attack method revolves around compromise of user accounts that are not secured by MFA or other restricted access methods. According to Snowflake, this compromise is not due to a vulnerability in Snowflake’s cloud offering.

Appfire Evaluation

Appfire is not impacted by this breach. As of this writing, Snowflake has stated that there was no breach of their systems nor exploitable vulnerability in their products. Regardless, our information security teams reviewed the controls in place around our instances of Snowflake, and reviewed logs against the indicators of compromise that were shared by Snowflake. We confirmed that none of the recently disclosed events impacted Appfire or our usage of Snowflake. If you would like more information about Snowflake's response to these recent events, please refer to their web site and community forum.


Appfire SOC 2, Type II Audit Completed!

Compliance

🔒 We’re proud to share some exciting news… Appfire has completed our SOC 2, Type II audit!

As we continue to prioritize the security of our technology, this latest recognition further demonstrates Appfire’s commitment to security and compliance for our customers, prospects, partners, and team members.

Learn more: https://bit.ly/3SJJN3z

Get it here: https://trust.appfire.com/?itemUid=7bfa66da-33ab-49de-8391-e329738a1ae9&source=click


Appfire 2024 CAIQ-Lite & SIG-Lite released

Compliance

Hi all,

Appfire is happy to announce we have released our updated 2024 CAIQ-Lite and SIG-Lite questionnaires. We've made a lot of improvements in the last year, including obtaining ISO 27001 and ISO 27017 certifications and completing SOC 2 audits, and these changes are now reflected in our questionnaires.

CAIQ-Lite

SIG-Lite

On a separate note, we have completed our new SOC 2, Type II audit and are expecting the final report any day. Our results were excellent and we'll send out an update on the Trust Center once it is available.

In addition, we are actively working on our penetration tests and have been updating new test results on an ongoing basis. In 2024 we've decided to test all of our apps twice a year vs. annual testing. This has resulted in Appfire bringing on a new vendor who can support the volume since we will be testing hundreds of apps every 6 months. Thank you for your patience as we roll this out. If you have a specific app or apps you would like us to prioritize, please reach out.

Thanks again for your trust,

Douglas J. Kersten
CISO, Appfire


Appfire Security Advisory CVE-2023-22515

Incidents

Broken access control vulnerability in Confluence Data Center and Server

Background

Atlassian has released a critical security advisory regarding CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server. This note summarizes how this vulnerability affects Appfire applications, systems, and data and what mitigation steps Appfire is undertaking to minimize the impact.

Appfire applications affected by CVE-2023-22515

No Appfire applications are directly affected by, or contribute to the likelihood or impact of, this vulnerability. The risk is confined to the underlying Confluence Data Center and Server instances and their installed apps. The risk remains the same, regardless of which Appfire applications are installed. Since it is an elevation of privilege vulnerability, it is possible for adversaries to create admin-level accounts in Confluence that will allow them full access to install or remove all marketplace apps, as well as allow access to the administrative functions of any installed apps in the affected instance of Confluence.

Appfire corporate Confluence sites affected by CVE-2023-22515

All Appfire Confluence DC and Server sites have been evaluated and any identified risks mitigated.

CVSS 10: URGENT ACTION REQUIRED

Clients running affected Confluence Server or Data Center are advised to urgently upgrade to a non-vulnerable version of Confluence Data Center or Server. Furthermore, investigate if escalated privilege or suspicious accounts have been created and used.

References:

Atlassian Security Advisory for CVE-2023-22515

Atlassian security advisories


If you need help using this Trust Center, please contact us.


If you think you may have discovered a vulnerability, please send us a note.
