Overview
Faros' commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.
Please contact security@faros.ai with specific questions or requests.
Compliance
Documents
Risk Profile
Product Security
Reports
Data Security
App Security
Legal
Access Control
Infrastructure
Network Security
Corporate Security
Policies
Security Grades
Trust Center Updates
The Faros Infosec team has evaluated our exposure to the Spring Framework Java framework remote code execution (RCE) vulnerability (CVE-2022-22965), also known as Spring4Shell. The vulnerability was disclosed on Tuesday, March 29, 2022.
We determined that none of our services were affected by the vulnerability.
The Faros Infosec team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021.
We immediately deployed recommended mitigations and began to roll out permanent remediation. As of December 10, 2021, remediation in our production environments was complete. There has been no member or customer impact.
If you think you may have discovered a vulnerability, please send us a note.