Trust Center

Start your security review
View & download sensitive information
Search items
ControlK
Welcome to Datadog's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Documents

Featured Documents

POLICIES AND PROCEDURESInformation Security Policy
Trust Center Updates

2024 Penetration Test

Compliance
Copy link

We're pleased to announce that summaries of Datadog's and Cloudcraft's 2024 penetration tests (as performed by NCC Group) are available on our security portal. These summaries are accompanied by Letters of Assessment. Please review the summaries and Letters of Assessment at your convenience.

Published at N/A

Datadog's Response to the CUPS Vulnerabilities

Vulnerabilities
Copy link

In response to the recently discovered CUPS Zero-Day Vulnerabilities (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177), Datadog is conducting an internal investigation. If we are vulnerable, we intend to patch our environment in adherence with our Vulnerability Management process. Our process and remediation timelines are outlined in our Vulnerability Management at Datadog white paper, which is available via our Trust Portal.

In the context of customer installed code, the Datadog Synthetics Private Location Worker container image has an affected version of libcups installed in the container. This image is not exploitable if configured using Datadog’s default or recommended configurations. Datadog has patched the affected image. Upgrade your Synthetics Private Locations to version 1.52.0 by following these instructions.

Published at N/A*

Datadog's Response to the OpenSSH Vulnerability

Vulnerabilities
Copy link

In response to the recently discovered Remote Unauthenticated Code Execution (RCE) vulnerability (CVE-2024-6387) in OpenSSH’s server (sshd), Datadog conducted an internal investigation, and has patched all impacted systems. Additionally, our environment is not publicly accessible via SSH. As such, we consider the vulnerability fully mitigated within the Datadog environment.

To check if your systems are vulnerable and guidance on how to remediate any affected systems, please refer to Datadog’s recent Security Labs blog post: RegreSSHion vulnerability CVE-2024-6387: Overview, detection, and remediation.

Published at N/A*

Datadog's Response to Attacks Against Snowflake Customers

Vulnerabilities
Copy link

In May 2024, Mandiant notified Snowflake of unauthorized access to certain customer accounts. It was determined that this access did not stem from a breach of Snowflake’s enterprise environment, but rather compromised customer credentials.

We deployed our internal Detection and Response teams to search for signs of impact, and after a thorough investigation, it was determined that there was no impact to Datadog.

As an added precaution, we have successfully rotated or deleted keys for Snowflake service accounts.

Published at N/A*

Datadog's Response to Sisense Breach

Vulnerabilities
Copy link

We're aware of Sisense's breach disclosure. We're not a customer of their platform so we have no direct impact. However, just like most companies are, we're still in the process of reaching out to all of our critical third-parties to identify any potential exposure from them. So far, we have not discovered any.

Published at N/A*
Powered bySafeBase Logo