We are SOC 2 compliant and take stringent security measures. Each of our customers gets a dedicated tenant environment such that their data is truly isolated from other customer data. We use application firewalls and whitelisting to restrict all traffic into our customer tenants.
It is a software defect, or bug, that affects the Availability or Integrity of an IT system. An operational defect is different from a security defect, or vulnerability. It is not an attack vector like a vulnerability, it is a defect that may cause an unexpected system outage or data corruption.
Many people believe that their CVE data feed is protecting them from operational defects. It is not. Your security tools only cover Confidentiality and some Integrity defects. Your security tools protect your system from being compromised by an attacker. They do not protect you from unexpected outages.
The core of BugZero's solution is eliminating unnecessary work. Point them to the vendor pages on all of the different ways we filter (status, vendor severity, version they're running in their environment, unnecessary assets (dev, lab, etc.), install status in SN, operational status in SN, component/service filtering, keyword exclusion, etc etc etc.
One of BugZero's goals is to reduce the time spent being reactive, by being proactive. Ultimately, it should reduce the overall time spent dealing with the impacts of operational defects. We offer multiple ways to filter your vendor bugs so that you only see the ones that are important to you.
We currently only support ServiceNow (link to SN store), but are working on a universal API.
We do offer a Proof of Value (PoV) program, which is usually integrated with your ServiceNow development environment.
ISO 31000.
We have outlined our recommendations on our ISO 31000 Risk Management page.
BugZero provides full coverage for several NIST 800-53 controls that most organizations are missing. There is no other solution on the market that provides this coverage.
We are! See our Trust & Security page for more details.
We are a very new product with our priority being customer success! That said, we are working on Case Studies for our early adopter clients which should be available Q2 2023.