Polygon Labs engineering teams follow secure coding guidelines and industry standards for secure development. The primary reference is OWASP, which provides guidelines, tools, and resources for identifying and mitigating security risks in software.

Threat modeling and risk assessment

Development begins with threat modeling and risk assessments to systematically identify and prioritize potential security threats and vulnerabilities in systems and applications. These activities inform resource allocation, focusing effort on the areas that present the greatest risk.

CI/CD security controls

Continuous integration and continuous deployment (CI/CD) pipelines are enforced across all code repositories. Automated security testing and scanning tools run in the pipeline to detect vulnerabilities early in development, before code reaches staging or production environments.

Pre-production assessments

After development and internal testing, all applications intended for production undergo further evaluation. This includes internal or external assessments such as penetration testing, security audits, and participation in bug bounty programs. These activities validate security controls, identify weaknesses, and address them before deployment.