FME Flow and Flow Hosted Security Whitepaper

This document is a security whitepaper that outlines Safe Software's approach to security and compliance for FME Flow and FME Flow Hosted. It details the organizational and technical controls implemented to protect data, emphasizing the importance of security in data management. The whitepaper describes the system architecture of FME Flow, including its deployment options and functionalities, and highlights key security features such as network security, access control, and application security measures. It explains the security requirements based on the OWASP Application Security Verification Standard and discusses automated security testing, threat modeling, and security code reviews. Additionally, it covers the management of software supply chain security, the vulnerability disclosure program, and third-party application security assessments. The document also addresses cloud infrastructure security for FME Flow Hosted, detailing automated vulnerability scanning and the engagement of third-party security assessments to ensure compliance with industry standards.