Camunda Security Guide

This page describes Camunda BPM (also referred to as the 'software') from a security perspective. It has four parts:

1. Security Policy: Describes the software's security policy, including how we deal with security issues and how the security of the software is continuously maintained.

2. Instructions for operating the software securely: Provides an overview of how to secure a Camunda installation. In order to secure a Camunda installation, Camunda itself must be configured correctly and it must be integrated correctly into its environment. This section also identifies areas where we consider security issues to be relevant for the specific Camunda BPM product and listed those in the subsequent sections. Compliance for those areas is ensured based on common industry best practices and influenced by security requirements of standards like OWASP Top 10 and others.

3. Security Notices: Announcements of known vulnerabilities for which fix releases and/or practical workarounds are available.

4. Reporting a Vulnerability: Explains how to report a security vulnerability to Camunda.