Security statement for VerifyWise

At VerifyWise, security is at the core of our open-source AI governance platform. We are committed to maintaining a secure environment throughout the entire development lifecycle, from external code contributions to deployment. 

Our transparent and community-driven approach fosters collaboration while ensuring that security remains a top priority. 

Below are the key areas of focus in our security practices.

1. Secure development practices

We commit to secure development practices. We ensure that all code contributions, including those from external contributors, are safe. Automated vulnerability scanning, license violation checks, and commit reviews for credential leakage are mandatory steps in our process to detect and address security issues before they reach production. These checks are provided by GitHub, where we host our source code.

2. Continuous improvement and feedback loop

We value feedback from our community and implement a continuous improvement process. Our open-source model allows security experts and contributors to participate in identifying and addressing potential vulnerabilities. The email security@verifywise.ai can be used for reporting security issues, and we act quickly to resolve them.

3. Compliance and legal requirements

We are committed to complying with all applicable legal and regulatory frameworks, including privacy laws such as the GDPR. We work closely with our Data Protection Officer (security@verifywise.ai) to ensure we adhere to the latest regulatory requirements, safeguarding the privacy of users and maintaining compliance with security standards.

4. Deployment and monitoring

While VerifyWise is not a SaaS solution, we ensure that our deployment processes are secure by incorporating automated testing, vulnerability scans, and continuous monitoring. We provide best-practice guidelines for our users to follow when deploying VerifyWise to ensure security in their environments.

5. Application security

Our platform implements strong security measures such as encryption for data at rest and in transit. We use role-based access control (RBAC) to restrict system access to authorized users only.

6. Transparency and open source security

As an open-source project, we consider transparency fundamental to our security philosophy. We welcome contributions from security professionals and developers, creating a process that addresses vulnerabilities faster than closed-source environments.

7. Community security practices and guidelines

Contributors are required to follow secure coding practices, and every pull request undergoes a detailed review process. 

8. Dependency and package management

We rely on GitHub’s automated tools to scan our third-party dependencies for vulnerabilities, ensuring that any libraries or external components we use are secure and up-to-date. Our development workflow includes routine dependency checks and updates to minimize security risks from third-party software.

9. Code review and approval process

Our internal team and community members perform code reviews on all contributions. This ensures that any security flaws are caught before they are merged into the codebase. This process includes automated security checks and manual reviews.

10. Open governance and contributor trust

To maintain control over project security, we implement an open governance model that ensures trusted contributors are selected based on their expertise. We actively monitor and verify the integrity of all maintainers and contributors, minimizing risks from internal threats or compromised accounts.

11. End-user responsibility and security considerations

Since VerifyWise is distributed as an open-source product rather than a hosted SaaS, end-users are responsible for secure deployment and management. In the future we’ll provide extensive documentation on secure configuration, deployment best practices, and ongoing maintenance to help users safeguard their environments.

At VerifyWise, we are committed to continuously improving our security practices to protect our users and their data. Our proactive approach to cybersecurity ensures that we provide a secure and reliable platform. We are dedicated to evolving with the ever-changing digital landscape, enhancing our security posture over time.

VerifyWise is an open-source AI governance platform designed to help businesses use the power of AI safely and responsibly. Our platform ensures compliance and robust AI management without compromising on security.

© VerifyWise - made with ❤️ in Toronto 🇨🇦