Secure product development
Application changes go through review, dependency checks, and security-focused testing before release.
Security
Security practices for the Shomar platform
Shomar is a security product, so customer trust starts with how we build and operate our own platform. These practices describe the controls we apply across product development, infrastructure, and customer data handling.
Data access controls
Customer data access is limited by role, business need, and operational review. Sensitive actions are designed to be auditable.
Encryption and transport security
Production traffic is protected in transit. Customer data handling follows least-data and retention-aware practices.
Vulnerability management
Security reports are triaged by severity, tracked through remediation, and reviewed for product or process improvements.
Customer responsibilities
Customers should protect API keys, invite only trusted team members, scan systems they are authorized to test, and review remediation recommendations before applying changes in production.
Security contact
For security questionnaires, procurement reviews, or vulnerability reports, contact security@shomarsec.com.