
Team Security Practices Overview

Limina builds software in a security-conscious manner. This page gives some insight into the processes and measures the engineering team engages in.
Exact policy details on software development practices can be found here: Limina Trust Center.

Application Security best practices

Limina follows security best practices and engages in secure development processes that include regular vulnerability assessments at the code, application and container levels. Vulnerability remediation is conducted according to the SLAs below.
If you have any questions about our processes, feel free to reach out to the team!

SLA for security patches

Limina addresses security issues within the following SLAs, based on the CVSS v3.0 rating system:
  • Critical: Within 48 hours of CVE publication and resolution availability
  • High: Within 2 weeks of CVE publication and resolution availability
  • Medium and under: Within 1 month of CVE publication and resolution availability

Container building

The Limina container is built on an even slimmer slim image to minimize unnecessary dependencies, which reduces the container size as well as exposure to dependency vulnerabilities.

SOC 2, ISO 27001 and other certifications

Is Limina certified?

As a company, Limina is ISO 27001:2022 and SOC 2 Type 2 certified and compliant for our internal operations and processes. You can find out more in the Limina Trust Center.

Does Limina provide proof of X, Y, Z security certification?

The Limina product is deployed and managed exclusively within the customer environment, by customer staff, on-prem or within the customer-managed cloud. This presents several significant security differences when compared to a SaaS or cloud-hosted product:
  • ISO 27001 compliance: Applicable in the context of Limina’s internal operations
  • SOC 2 compliance: Not applicable; this applies to the operations of the customer environment
  • Penetration Testing: Not applicable; this applies to the security of the customer environment
  • Data Processing Agreement (DPA): Not applicable; this applies to data management within the customer environment
  • Business Associate Agreement (BAA): Not applicable; this applies to data management within the customer environment