Liferay Trust Center

Liferay prioritizes security: 

• Established in 2012, Liferay’s DXP Vulnerability Disclosure Program enables responsible reporting and swift patching for both internal and external vulnerabilities. 

• As a CVE vendor, we actively contribute to the public record of known security issues (CVEs), empowering customers to stay current on critical security updates. 

• Liferay’s SaaS offering builds upon the proven foundation of Liferay’s self-hosted product. This ensures a secure and scalable cloud-based solution, allowing customers to focus on content creation while we handle patching, upgrades, 24/7 monitoring, and ongoing security management.

Liferay's global presence is marked by a strong emphasis on data protection, designing products and offerings with robust security measures to safeguard information. This includes: 

• Enforcing strict data access policies

• Carrying out comprehensive vendor evaluations

• Carefully selecting and regularly educating our employees

• Consistently aligning our practices with the evolving landscape of privacy regulations. Additionally, our agreements explicitly outline our commitment to complying with all applicable data protection laws.

We adhere to the most current FOSS licensing compliance standards. We apply the community best practices to mark our own code. We offer our customers SBOM in ISO/IEC 5962 SPDX format (as well as CycloneDX, if required).

Liferay’s Code of Business Conduct and Ethics, our Environmental Social Governance report, our Anti-Slavery statement, and our Whistleblowing channel demonstrate that we prioritize integrity and compliance.