Security

This page covers our security practices and policies.

General practices

Access to source code and third-party tools are secured with multi-factor authentication.
We use strong, randomly-generated passwords that are never re-used.
We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues.
User passwords are hashed using argon2 before being stored.

Software development practices

We use a variety of testing strategies to ensure code quality, including: unit testing, integration testing, and fuzzing.
We exclusively use memory safe languages.
We configure our linters to check for unsafe code patterns.

Vulnerability scanning

Our dependencies are checked for known vulnerabilities by automated tooling. We take a proactive approach to updating vulnerable dependencies and redeploying the Amaya platform.

Any questions about our security practices? Contact us.