Security at CodeZone
Security is not an afterthought - it is embedded in every layer of how we build and operate.
Secure by Design
Security is embedded from the first line of code. Every system we build follows defence-in-depth principles, threat modelling, and zero-trust network architecture.
Encryption at Rest & Transit
All client data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are managed via dedicated HSMs.
Continuous Monitoring
Our Security Operations Centre operates 24/7, monitoring all systems for threats and anomalies using our own SecureNet platform.
Penetration Testing
We conduct annual penetration tests across all internet-facing systems, carried out by CREST-accredited third parties.
Vulnerability Disclosure
If you discover a security vulnerability on our website or in our products, we ask that you report it responsibly. Please email info@codezone.af with details of the vulnerability. We commit to acknowledging your report within 48 hours and keeping you informed of our progress.
Scope
Our vulnerability disclosure policy covers codezone.af and all subdomains, our commercial products (CommLink Pro, DevPortal, SecureNet), and our client portal. It does not cover third-party services we use.
Our Commitments
We will not pursue legal action against researchers who report vulnerabilities in good faith and follow responsible disclosure practices. We ask that you avoid accessing or modifying client data, do not perform denial-of-service testing, and give us reasonable time to remediate before public disclosure.
Bug Bounty
We do not currently operate a formal bug bounty programme. However, we publicly acknowledge researchers who report valid vulnerabilities, with their permission.