Does Secret Server ever call home?
Yes - by default but it can be turned off if undesirable. Secret Server will check once a day to see if any new updates to the application are available. This makes a web request from Secret Server to http://updates.thycotic.net. You can disable this behavior by going to Administration | Configuration and uncheck "
Allow Automatic Checks for Software Updates". The purpose of this web request is to offer an alert to users of the Secret Server to let them know that an update is available.
Does Secret Server contain any backdoors?
Secret Server is widely used by government, military, financial and commercial customers worldwide who would not tolerate any backdoors in the software. We take security very seriously and would never allow any "Easter Eggs" or security holes to be added to the software. Any vulnerabilities found in the software should be immediately reported to Technical Support and they will be addressed immediately.
All code developed for Secret Server is done by our in-house engineering teams (no outsourcing or offshoring) based in our Washington DC office. Code is developed by two developers (pair programming) and is then committed and code reviewed by another pair. All commits are reviewed. This ensures that all code is reviewed by multiple developers.
Article ID: 137, Created On: 12/14/2010, Modified: 12/14/2010