Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

Welcome to Orca Security's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Unity-company-logoUnity
SAP-company-logoSAP
Digital Turbine-company-logoDigital Turbine
Autodesk-company-logoAutodesk
Wix-company-logoWix
Gannett-company-logoGannett
Lemonade-company-logoLemonade
Wiley-company-logoWiley
Vercel-company-logoVercel
Sisense-company-logoSisense
Docebo-company-logoDocebo
FourKites-company-logoFourKites
Network Diagram

Trust Center Updates

CrowdStrike outage

VulnerabilitiesCopy link

We are aware of the ongoing CrowdStrike outage and want to reassure our customers that Orca remains unaffected. Our security measures and protocols continue to operate without interruption, ensuring that your data remains secure.

Published at N/A

Snowflake

VulnerabilitiesCopy link

We are aware of recent reports related to a potential compromise of certain Snowflake accounts. Orca remains unaffected; no Snowflake accounts managed by Orca were targeted or compromised in this incident. Snowflake has also confirmed to us that they have no indicators of compromise for any of our accounts. As well we continued with further due diligence to ensure our data security.

Published at N/A

Critical XZ Utils Supply Chain Compromise Affects Multiple Linux Distributions (CVE-2024-3094)

VulnerabilitiesCopy link

Our company remains unaffected by the CVE-2024-3094 vulnerability; A malicious backdoor has been discovered in the XZ Utils package, a popular data compression library used in major Linux distributions, affecting XZ Utils versions 5.6.0 and 5.6.1. The vulnerability could allow an attacker to gain unauthorized access to the system and is being tracked as CVE-2024-3094 with a CVSS score of 10 – the highest possible score.

Sincerely, Orca Security team.

Published at N/A*

Libwebp CVE-2023-4863

VulnerabilitiesCopy link

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Orca considers this vulnerability remediated. Orca Security promptly patches zero-day and critical vulnerabilities leveraging central asset management and Orca Platform, with detection and remediation capabilities. In addition, Orca implements security check in the code evaluating any vulnerable dependencies. We keep monitoring for this vulnerability and many more.

Sincerely, the Orca Security team

Published at N/A

HTTP/2 Rapid Reset Attacks and Vulnerability

VulnerabilitiesCopy link

Our company remains unaffected by the HTTP/2 vulnerability, thanks to the robust protections offered by AWS CloudFront, AWS WAF and the expeditious protection of our Orca Platform. Orca diligently reports about zero-day, new and trending vulnerabilities for all our production assets and cloud infrastructure. We make sure our infrastructure and service is not disrupted leveraging the above described solutions, while DDoS can only be contained, we took all needed measures on the matter.
If you are a customer and you have any additional inquiries, you are welcome to reach us in compliance@orca.security or to submit an RFI to your CSM.

Sincerely, the Orca Security team

Published at N/A*

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo