Product Security
Cellebrite implements a Secure Software Development Lifecycle (SDLC) that embeds security in our development and deployment processes and aligns the security deliverables with the software development lifecycle.

At the Planning phase, security requirements are collected and added to the system requirements.

At the Design phase, our security architect performs a Threat Modeling Assessment (TAM) and designs the security controls required to mitigate the identified security risks.

At the Development phase, we use best-in-class security scanning tools that perform Static Application Security Testing (SAST), Software Composition Analysis (SCA) and Image Scanning to identify vulnerabilities in the code developed by our engineers and in the open-source components.
- Vulnerabilities are prioritized using advanced tools, industry methodology and manual assessments.
- Mitigation of vulnerabilities is handled in accordance with the company policy.

At the Validation phase, we perform security validation, API fuzzing and Dynamic Application Security Testing (DAST).
Penetration Testing
- Conducted by a third-party assessor for major product releases.
- A mitigation plan is defined according to the Business Impact Assessment.

Cellebrite R&D employees, including software engineers, DevOps and QA, undergo specialized training in Secure Coding with a focus on the programming languages and development tools they use in their day-to-day work. Additionally, our security mindset program includes R&D security champions who implement security practices within the R&D teams.
Questions or Concerns?
Should you have questions related to specific security concerns, please reach out to the Product Security team.