Code Security Audits

Sandfly takes proactive steps to ensure our code complies with industry best practices for security and stability. This process includes the automated and manual code audits outlined below.

Veracode Verified Standard

All Sandfly builds go through automated static and dynamic audits by Veracode. The Veracode Verified Standard represents that Sandfly's application security practices are embedded into the software development process in the following ways:

  • Assessment of first-party code using static analysis.

  • Dynamic analysis of UI and API components.

  • Confirmation that the application does not allow flaws that can compromise the security or stability of the product.

  • Developer access to remediation guidance and continuous education around secure coding practices.

Security Audit by Cure53

Sandfly engaged Cure53 to conduct an extensive manual audit of our on-host forensic engines for reliability and assurance against exploitation. The resulting report revealed no exploitable flaws in our code. Cure53 is a highly respected auditing firm that has conducted reviews of many high-profile products, such as VPNs and password managers used by millions of people.

Customers can access the above audit reports by contacting us during their evaluation.