Security Assurance Review Certificates

Hi there,

I have a client that is making an application to a US Government Program (Los Angeles) that has a high level of security requirements for apps to be accepted.

As part of this, they require documented proof of some type of security assurance review from the following:

  • Vulnerability Scan
  • Risk Assessment
  • Security Audit
  • Penetration Test
  • Source Code Review

Are any of these something that Bubble would be able to provide a document for that we could present as proof? And how would we go about obtaining this? If not, are there any recommendations on services that would provide such a document in relation to my client’s Bubble app?

Thanks in advance,
Dave.

Hey Dave,
I hope you’re doing well.

You can have a look at @flusk’s website and reach out to them. They deliver security audits with certificates for Bubble apps.

Thanks! That looks like it will be very useful. I’ll send their website over to my client now.

Much appreciated.

This cannot be provided as Bubble owns the source code of their engine. Logic can be reviewed, but exploits within Bubble’s own platform can still exist and can’t be reviewed as we don’t have the code.