🔐 Security

Welcome to the Security space!

Purpose

The primary role of the Security Team is to identify the risks the company faces and reduce them to an acceptable level. We ensure that security best practices are followed, safeguard our applications, and proactively address new vulnerabilities and incidents. Our goal is to maintain the confidentiality, integrity, and availability of our services.

While the Security Team's mission is to safeguard both Rocket.Chat and our customers, this goal can only be realized through collaboration, making security everyone's responsibility across the organization.

Structure

The Security Team is organized into four main areas. We have specialists in each of them, but that does not mean an Application Security Engineer can't assist with GRC or Offensive Security, or that an Offensive Security Engineer can't support Incident Response, for example. These are simply the areas of focus for our Security Team, and as a team we collaborate with each other as much as we can.

The activities of each area are divided as follows:

Offensive Security

Defensive Security

Application Security

Governance, Risk, and Compliance (GRC)

At Rocket.Chat, the terms Red Team and Offensive Security are used interchangeably. Offensive Security encompasses:

  • Phishing Campaigns

  • Adversary Simulation

  • Penetration Testing

Likewise, at Rocket.Chat the terms Blue Team and Defensive Security are used interchangeably. Defensive Security encompasses:

  • Incident Response

  • Threat Hunting

  • Threat Intelligence

  • Security Monitoring

  • Identity & Access Management (IAM)

  • Cloud Security

Application Security, or simply AppSec, encompasses:

  • Vulnerability Scanning (SAST, DAST, SCA, Secrets)

  • Vulnerability Management

  • Threat Modeling

  • Code Review

GRC encompasses:

  • Policy Management

  • Risk Management

  • Regulatory Compliance

  • Security Training

Communication and Information

Discussion Channels

Mailing Lists

Compliance

Vulnerability Disclosure

Policies

See Security Policies

Playbooks

Playbooks help us standardize certain security processes and make how we work transparent. The security playbooks are collected on the following page:

Refer to Security Playbooks
