Product Security is paramount to Locker before we bring the product to users. We believe that securing a product is not a one-time event but a continuous process. For the Locker team, secure product design and implementation have an indispensable role in software development. At the same time, we are also aware that there can be security vulnerabilities out of the initial design scope. Therefore, security monitoring and testing are performed on a daily basis at Locker.
Locker applies 3 methods of security testing:
- Testing by the internal team: Locker is developed by CyStack, one of the leading cybersecurity companies in Vietnam. We have a team of talented security experts that are recognized in the global security community. They are directly involved in Locker's security design, testing, and monitoring.
- Testing by independent partners: We are working with a number of independent security partners who have many years of experience in auditing and pentesting password management systems. We will soon release their security reports for Locker.
- Tested through Bug Bounty programs: Locker is running a bug bounty program on the WhiteHub community security platform. Thousands of security experts around the world are helping us find vulnerabilities and make Locker more secure.
Security testing is done as a precaution and we will address any security issues as soon as they are discovered. It should be emphasized that no matter how critical a security issue may be, none of the Locker user data would be accessible to any bad actor.
Even in the unlikely event of Locker being hacked or the database being leaked, user data will remain perfectly safe because Locker uses End-to-end Encryption and user data has been locally encrypted. Any data breached would look like gibberish to attackers.