Security Program

We believe in security by design. It should not be an afterthought. It should permeate all aspects of the software lifecycle from architecture and design, through implementation and QA, to production, and it must be carried on in updates and maintenance. IronCore is committed to best practices across our organization.

In order to provide this security in a scalable environment, we implemented a type of encryption called transform cryptography (also known as proxy re-encryption). We selected an algorithm that had been introduced and evaluated in multiple peer-reviewed academic publications, and we recently published a paper describing our use of transform cryptography that also went through a peer review by cryptographers and was presented at an academic conference. We have done presentations on our cryptography and our implementation to professional developer and security conferences, including a presentation at the Crypto & Privacy Village at DefCon 2018. Trustworthy cryptographic software requires scrutiny and transparency. In addition to gathering input from the cryptographic community, we engaged the NCC Group to conduct an audit of our transform cryptography implementation. We quickly resolved the issues that they discovered and they confirmed our changes. They are preparing a public report on their findings now. We welcome any and all inspection of our core cryptography code. We created an open source project containing our Scala implementation of the transform cryptography library – anyone can browse or clone the GitHub repository IronCoreLabs/recrypt and submit issues. Better yet, we have created a Bug Bounty program to reward anyone that uncovers a bug in our system and responsibly reports it to us.

We use a variant of Microsoft’s Secure Development Lifecycle as part of our Engineering practice. We are strong proponents of test-driven development and the use of continuous integration to guarantee that we are doing as much as possible to root out errors early in the development process. We build property-based tests and utilize random inputs for unit tests to avoid missing errors due to preconceptions. Our code management policies require peer review of all code and mandate a high level of unit test coverage. Tools to check for compliance with coding standards are integrated into our build process. We regularly run static code analysis tools on the code base to search for security problems.

To ensure the integrity of our software over time, we have automated integration and regression test suites that are run when we integrate features into our code base. We also execute regular penetration tests on our systems, scanning for vulnerabilities in the software and the infrastructure.

Our engineers are trained in the principles of secure design and coding, and we require all engineering staff to refresh their training on these important aspects of their jobs annually. The information covered includes the OWASP and SEI CERT secure coding practices, along with other design and programming guidelines.

In spite of our best efforts, software defects are an unavoidable occurrence in even moderately complex systems. Bugs are a reality and will be found in our code as well as in the stacks we use, from libraries to operating systems. We believe that the policies and procedures a company implements to locate, isolate, and respond to these issues are as fundamental to security as any other practice or deployed security technology. We have a well-defined process for reporting, prioritizing, and tracking bugs, with separate categorization for security-related issues. Our release processes include separate procedures for releasing hot fixes to patch critical and severe problems. All manifestations of bugs are incorporated into unit, integration, and regression tests to guarantee that once they are fixed, they stay that way.

Defense in Depth

Even though the data we are handling is secured using end-to-end encryption, we utilize defense in depth techniques to further protect everything. We use encryption in transit to maintain the confidentiality of any metadata associated with interactions with our APIs, and to guarantee that clients are talking to our APIs, not an imposter. Our infrastructure uses encryption in transit as well, providing extra layers of security even inside the firewalls that protect it from the threats roaming the Internet. We use encryption at rest to add extra security to data and its related metadata once it is stored on our servers. Backups are encrypted before being moved to cold storage.

IronCore Labs welcomes this kind of detailed look at our security practices. We are currently undergoing a SOC2 Type 1 audit conducted by Coalfire Systems a respected cybersecurity services company.