Security at ContraForce

Subject to these Terms, Contraforce grants you a limited, non-exclusive, and nontransferable license to use the website for your personal, non-commercial use on devices owned or otherwise controlled by you (“Device(s)”) and to use the Services strictly in accordance with these Term‌

SOC 2 Type II

ContraForce is SOC 2 Type II compliant. ContraForce has successfully completed a SOC 2 Type 2 examination that verifies the legitimacy of our security controls, policies, and practices. Our SOC 2 Type II report is available to current and prospective customers upon request, subject to the appropriate non-disclosure agreements.

Application Security

ContraForce uses static application security testing (SAST) to improve the security of our development process in the build pipeline. We evaluate source code to scan for vulnerabilities at every stage in development.

Vulnerability Disclosure

ContraForce maintains a Vulnerability Disclosure Program to enable security researchers to securely report vulnerabilities they may have found.

Security Resources

ContraForce maintains several additional online resources related to our policies, terms, and practices:
Terms of Service
Master Subscription Agreement
Privacy Policy
Vulnerability Disclosure