Delphix takes an active approach towards the discovery of vulnerabilities by employing third-party VAPT (vulnerability and penetration testing) Teams on an annual basis, as well as actively reviewing additional tools to assess our products. We also actively monitor bugs and vulnerabilities against the list of open-source software which is integrated into our products.
Delphix investigates all known vulnerabilities, whether found by customers, found internally, or discovered by the VAPT Teams. During this investigation, Delphix works with the reporter of the vulnerability to gather the technical information and determine the appropriate remedial action.
Customers can perform their own security scans and audits using their access through application administrative accounts. Because operating system administrative access is not provided with the closed software virtual appliance, scans executed with application administrative privileges are consistent with the level of access available in the environment.
As needed, we provide compensating controls and mitigations to reduce the impact of security issues more quickly and deliver fixes as part of the standard software release process described above.
Software delivery security
We deliver our virtual software appliance and upgrade images to customers on a secure server with access control. Additionally, we provide cryptographic signatures for each image, and customers can use these signatures to ensure the software images have not been tampered with.
The virtual appliance communicates with target servers running virtual databases (VDBs). Software is pushed to target servers to facilitate communication for Oracle and SQL Server databases (the Oracle toolkit and the Delphix connector, respectively). This software lives outside of the DDDP product appliance, and new versions of the DDDP product will provide updated versions of this software as well.