Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Welcome to gridX's Security Portal.

Our customers trust us with a crucial part of their business in a very sensitive and regulated area. We understand that if our services are unreachable, your company’s success might be affected. Consequently, we aim to go beyond industry best practices and be transparent about the security measures we take.

We actively foster a culture of security. As part of the development of new features and components, potential security issues are being analyzed and measures are taken. On this page, we provide an overview of gridX security measures and principles and dive into details of the respective components and how these security measures apply there. This page is not guaranteed to be a complete picture of all measures gridX applies as these are constantly evolving.

We adhere to industry best practices and we are working towards compliance certifications.

ChargePoint-company-logoChargePoint
E.ON Deutschland-company-logoE.ON Deutschland
Viessmann-company-logoViessmann
Soly-company-logoSoly
Fastned-company-logoFastned
ChargeOne-company-logoChargeOne
Swiss Post-company-logoSwiss Post
Homenergy-company-logoHomenergy
Information Security Policy

We may provide security-related reports upon request.

We are working on our security compliance. We can provide completed questionnaires upon request.

Trust Center Updates

gridX is not Affected by CVE-2024-6387 (regreSSHion)

VulnerabilitiesCopy link

A new vulnerability, designated CVE-2024-6387, has been discovered in the renowned OpenSSH popular set of tools. The vulnerability, named "regreSSHion" allows remote attackers to gain root privileges on Linux servers running OpenSSH.

At gridX, we are not impacted by such a vulnerability as we are not utilizing OpenSSH on our servers and, hence, are not impacted by this issue. The gridX security and infrastructure teams will continue to monitor the situation and post updates to this security portal, should we find out that gridX is impacted in any way, shape, or form.

Published at N/A

gridX is not Affected by the Polyfill.io Supply Chain Vulnerability

VulnerabilitiesCopy link

After the ownership of the polyfill.io domain, on June 25th, 2024, Sansec revealed that the popular polyfill.js project has been serving malware to web applications embedding the cdn.polyfill.io domain within their content.

The gridX security, infrastructure, and concerned developer teams immediately confirmed that none of gridX's web applications utilize the impacted domains, such as cdn.polyfill.io, bootcss.com, staticfile.net, newcrbpc.com`, and so forth.

Published at N/A

gridX is not impacted by the XZ Utils Backdoor

VulnerabilitiesCopy link

In response to the publication of CVE-2024-3094, commonly known as the "XZ Utils Backdoor", our security and infrastructure teams worked to assess whether gridX is impacted by such an issue.

While investigations of this issue are still ongoing, as of now, we found no evidence that the Linux distributions and the versions of libraries that are impacted, such as liblzma and xz, utilized within our cloud infrastructure and on our hardware are vulnerable.

Should we discover that gridX is impacted in any way, shape, or form, we will swiftly remediate this issue and contact any affected gridX partners, in accordance with our security incident response policy and plan.

Published at N/A

gridX is not affected by CVE-2023-22522 - RCE Confluence Server Vulnerabilities

SubprocessorsCopy link

This week one of our subprocessors, Atlassian, reported a critical vulnerability in their Confluence Data Center and Server services in versions between 4.x.x through 7.x.x and a number of 8.x.x versions.

At gridX, we utilize a few Atlassian services to keep a knowledge base and track our tasks and goals, the content of which may include some basic information about our customers but no personal data is stored there. Furthermore, "Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue." That is, being a user of Atlassian Cloud, gridX and the Atlassian services it utilizes, are not affected by the aforementioned vulnerability.

Similarly, gridX is not affected by the more recent critical vulnerability, CVE-2023-22527, due to the same reasons mentioned above.

Published at N/A*

gridX is not affected by the New Relic breach

SubprocessorsCopy link

Given that a few of our subprocessors happen to be impacted by New Relic's recent breach, our security team started an investigation to assess whether any of our customers' data may have been impacted.

The result of this investigation was that no customer(-related) data was impacted by such an attack, which mainly impacted staging environments of New Relic on which data is stored that "provide visibility into how [New Relic's] customers are using New Relic and certain logs".

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo