{"id":12844,"date":"2025-04-28T04:39:23","date_gmt":"2025-04-28T11:39:23","guid":{"rendered":"https:\/\/www.coretechnologies.com\/blog\/?p=12844"},"modified":"2025-04-28T04:39:23","modified_gmt":"2025-04-28T11:39:23","slug":"secure-software-practices","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/company\/secure-software-practices\/","title":{"rendered":"Q&A: How Do You Make Sure Your Software Is Secure?"},"content":{"rendered":"
\"What<\/div>\n
\n  We’re conducting an evaluation of your software from a security perspective and have some questions that we’d like to address to ensure it meets our requirements. To start, can you please explain what your company does to make sure that your software and office infrastructure are free of viruses and malware?<\/p>\n

— Kimberly Z.<\/p>\n<\/div>\n

Hi, Kimberly.<\/p>\n

Even though we’re a tiny company, security is a big deal around here.<\/p>\n

Most importantly, we realize that our number one job is to keep customers like you safe, and that our reputation as a trusted, secure software partner depends on doing that.<\/p>\n

But it’s not only about protecting our commercial software. Yes, securing our code is very important, but so are the emails we send, the documents we share and the order information we collect. The truth is that all parts of our business must meet a high standard of privacy and security to fulfill our obligations to the hundreds of companies that have put their faith in us.<\/p>\n

So let’s dig into the details of our security program to answer your questions. Here are a dozen things that we do to make sure that we are good stewards of your trust.<\/p>\n

\n

1. We digitally sign all our products<\/h2>\n

When you download a program over the internet, how can you be sure that it’s authentic? That it comes to you straight from the authors — and wasn’t doctored to include a virus or malware?<\/p>\n

To make sure that you receive our applications tamper-free, we code sign<\/a> all our executables. That way when you see our company information prominently displayed, you can rest assured that what you’re installing is valid and intact.<\/p>\n

Windows will prompt you with our company information when you’re installing one of our programs:<\/p>\n

\"AlwaysUp<\/a><\/div>\n

And you’ll always find our digital certificate when you view the properties of any of our secure software:<\/p>\n

\"Core<\/a><\/div>\n

We should also mention that our company only deploys higher-grade Extended Validation (EV)<\/a> code signing certificates, which are subject to additional validation and technical requirements. Because of their stringent requirements, only verified, legitimate companies are granted EV certificates.<\/p>\n

\n

2. We virus-check every software release<\/h2>\n

It’s very important to check for viruses at every stage of the software production pipeline. And, most importantly, the final product must be pristine. That’s why we engage third-party services to verify that nothing strange has crept into our software.<\/p>\n

Virustotal<\/a> — a well-respected online virus-scanning engine owned by Google — is our tool of choice in this area. We run all our applications through Virustotal — and we don’t release if it detects any oddities.<\/p>\n

For example, you can see the results of checking Service Protector here<\/a>. None of the 96 virus scanners found a problem: <\/p>\n

\"Service<\/a><\/div>\n

In addition to Virustotal, we also rely on Download3K<\/a>. They regularly verify our programs with popular antivirus engines, including McAfee<\/a>, Avast<\/a> and Avira<\/a>.<\/p>\n

As you can see below, Download3K’s Service Protector Antivirus Report<\/a> shows no trouble either:<\/p>\n

\"Service<\/a><\/div>\n

Note that in the unusual circumstance where one of the antivirus scanners actually raises a flag with our software (or site), it usually turns out to be a false alarm. To resolve the issue, we promptly report the details to the antivirus manufacturer<\/a> and they update their scanners to fix the problem. That happens once or twice a year — often after we publish a new release.<\/p>\n

\n

3. We’re trained in secure coding practices<\/h2>\n
\"We're<\/div>\n

Our team of senior engineers is well versed in secure coding techniques. Indeed, we’ve seen a lot of exploits over the past 20+ years!<\/p>\n

But new threats are constantly emerging and resting on our experience is not an option.<\/p>\n

To keep us on our toes, regular developer training focuses on the OWASP Top Ten<\/a> and covers common issues like:<\/p>\n