🔐 Security

Purpose

The primary role of the Security Team is to identify the risks the company faces and reduce them to an acceptable level. We ensure that security best practices are followed, safeguard the security of our applications, and proactively address new vulnerabilities and incidents. Our goal is to maintain the confidentiality, integrity, and availability of our services.

While the Security Team's mission is to safeguard both Rocket.Chat and our customers, this goal can only be realized through collaboration, making security everyone's responsibility across the organization.

Structure

The structure of the Security Team can be divided into four main areas. While we do have specialists in each of these areas, it doesn’t mean that an Application Security Engineer can’t assist with GRC or Offensive Security, nor that an Offensive Security Engineer can’t support Incident Response, for example. These are simply the areas of focus for our Security Team, and as a team, we collaborate with each other as much as we can.

The activities of each area are divided as follows:

Communication and Information

Discussion Channels

• RC security channel - day-to-day conversation, invite on request

• RC important - company-wide announcements, including security updates

• RC-security-team - team-internal conversations, all team members are added during onboarding

Mailing Lists

• security@rocket.chat

• privacy@rocket.chat

Compliance

• Security-Compliance Trust Page

Vulnerability Disclosure

• Vulnerability Reports & Disclosure

Policies

See Security Policies

Playbooks

Playbooks help us to standardize certain processes around security and enable transparency on how we work. The following are the security playbooks.

Refer to Security Playbooks