Trust and compliance at Mend.io
Mend.io’s information security leadership conducts regular risk assessments to constantly evaluate and improve the level of information security based on business needs and emerging threats.
Mend.io’s information security management program is evaluated by the senior management security committee on a quarterly basis. At Mend.io, we understand that the security of your data and privacy is of utmost importance.
As a leading Application Security company, we prioritize the protection and confidentiality of your sensitive information.
This page provides an insight into our robust security measures, ensuring that your data is in safe hands.
Compliance
ISO 27001
At Mend.io, we have established an integrated information security management system incorporating controls for both ISO 27001 and ISO 27017. These controls are reviewed externally every year.
SOC 2 Type II
Mend.io’s controls are evaluated by Schellman, a firm specializing in annual compliance assessments across various industries. Our reporting period spans from May to June of the subsequent year. You can request a copy of this report through your account team.
GDPR
At our company, headquartered in Israel with operations spanning the EU, US, and worldwide, we are committed to the highest standards of privacy and data protection. Our compliance with the General Data Protection Regulation (GDPR), as well as other applicable data protection laws in the US, to which we are subject, ensures we meet stringent privacy requirements. We have established robust internal policies as well as our publicly available Privacy Policy to maintain GDPR compliance and to handle data subjects’ requests concerning their data, demonstrating our dedication to protecting their privacy.
To enhance data protection, we have implemented technical and organizational measures to minimize personal data processing and ensure that only necessary data is processed. In particular, we pseudonymize the email addresses of our customers’ contributing developers by replacing them with hashed values.
Additionally, we have partnered with TrustArc as our Dispute Resolution Service Provider for unresolved privacy concerns that data subjects may have, adding an extra layer of trust and transparency. This satisfies the Independent Recourse Mechanism requirement of the EU-US Data Privacy Framework, including the Swiss-US and UK Extensions.
Further information on how we handle your personal data, the way we use it, and your rights may be found in our online Privacy Policy.
Security bug bounty program
We at Mend.io value the security community and believe that responsible disclosure of security vulnerabilities in open source packages helps us ensure the security and privacy of users. A responsible disclosure program includes a policy with clear and simple rules of engagement for security researchers to report vulnerabilities they discover. It protects both the developer and the researcher, while allowing developers to safely benefit from vulnerabilities discovered by researchers. More information on how to disclose a vulnerability and our responsible disclosure policy can be found here.
Social and environmental commitments
Mend.io holds Social and Environmental commitments which ensure we are focused on addressing problems for our stakeholders and communities. Our commitment to positively impact society and communities can be found on our Impact page here.
Public documents
Private documents
- SOC2 bridging letter – June 2024
- SOC2 Type 2 Final Report 2023
- Incident, detection and response overview
- ISO27001 and ISO27017 statement of applicability V4
- SIG Lite for company 2024
- BC and DR Testing 2023-24
- Information, classification, handling, and retention
- Insurance certificate
- Penetration test
- Business continuity and disaster recovery overview for multi tenant SAAS
- Security and compliance overview for multi tenant SAAS
- CAIQ V4 2024