Upbound, the control plane company behind the popular open source project Crossplane, has completed its Service Organization Control (SOC) 2 Type II assessment and added a Trust Center with a vulnerability disclosure program. These investments validate Upbound’s commitment to security and trust standards.

“Today, Upbound underscores its commitment to enhancing security best practices in all of our offerings by adhering to SOC 2 Type II compliance standards and launching an official trust center,” said Sumbry, vice president of engineering at Upbound. “These major steps enable more customers to start standardizing on Crossplane with Upbound as their single point of control and visibility for infrastructure and application resources across multiple clouds and platforms.”

SOC 2 Type II is an audit by the American Institute of Certified Public Accounts (AICPA) to confirm a company has policies and controls around handling customer or client data in five categories: security, availability, processing integrity, confidentiality, and privacy. Upbound completed the assessment for its customers and partnered with Drata to achieve compliance and continuously monitor security controls across its products, including its flagship product Upbound powered by managed control planes and Universal Crossplane (UXP), a downstream distribution of Crossplane.

As part of its continuous commitment to the highest security standards, Upbound works with BreachLock security experts for penetration testing to identify potential security issues, gain insights, and tighten measures in any aspect of its products and services.

Upbound Trust Center
Upbound launched the Upbound Trust Center and an official Vulnerability Disclosure Program to report and document vulnerabilities. Backed by Bugcrowd, the new program enables users and security researchers to report vulnerabilities with fast intake, validation, triage, and contextual remediation.