secunia.com Secunia Data Security Secunia is located in Denmark in northern Europe, a very stable region of the world. Denmark is a full member of the EU, and a found- ing member of the NATO and the OECD. All of the above provide the stability and foundation for Secunia as one of the strongest players in the global security market. The security and integrity of Secunia’s network is crucial for Secunia and its customers. The internal security policy at Secunia describes strict guidelines for handling customer data and other sensitive information. All data transferred to the Customer Area (including data from the Secunia Corporate Software Inspector) is sent via industry standard SSL-encrypted HTTPS connections. The data sent to Secunia is non-personal data only. The data is generic, standardised, and originates from installed programs and operating system on the devices, never from their configuration. Following is a sample data that is sent to Secunia: c:\CD1\SETUP.EXE - PE Timestamp : 0x45d6922f - Version : 5.2.3790.3959 - VendorName : Microsoft Corporation - FileDescription : Welcome to Windows Server 2003 - FileVersion : 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) - InternalName : autorun - LegalCopyright : Microsoft Corporation. All rights reserved. - Filename : AUTORUN.EXE - ProductName : Microsoft Windows Operating System - ProductVersion : 5.2.3790.3959 All passwords for the Customer Area are hashed. Customers can securely change their passwords via SSL to ensure that the passwords are confidential. Minimum length for the password is 8 characters. Secunia will never ask for your password. Lost passwords can only be reset after contacting your account manager at Secu- nia. No details are shared with any third party. The information is stored for as long as the account is active. Customers can delete host data if they wish, and it will be immediately removed from the active database. The data will only be present in backup archives for approximately 30 days. Secunia follows best practices in regards to data separation and ACL-based security models. All offline backups are encrypted. Data