Security Assessment

Security testing is of paramount importance to Locker before we deliver the product to users. We believe that building and ensuring product safety is not a one-time event but a continuous process. The Locker team considers secure product design and implementation a mandatory part of the software development process, but we also recognize that there are security vulnerabilities beyond our initial calculations. Therefore, security monitoring and testing is a daily activity at Locker. Locker applies security testing with 3 methods:

Internal testing: Locker is developed by CyStack, one of the leading cybersecurity companies in Vietnam. We have a talented team of security experts recognized in the global security community, and they are directly involved in the design, testing, and daily monitoring of Locker’s security.
Independent partner testing: We are working with several independent security partners who are companies with years of experience auditing and penetration testing password management systems. We will soon publish their security reports on Locker.
Bug Bounty program testing: Locker runs a bug bounty program through the community security platform WhiteHub. Thousands of security experts around the world are helping us find security vulnerabilities and making Locker more secure.

Security testing is conducted as a preventive measure, and we will fix all security issues as soon as they are discovered. We want to emphasize that no matter how significant a security issue may be, it will never result in a breach of user data. Even in the worst-case scenario where Locker is attacked or the database is leaked, user data will remain absolutely safe because Locker uses end-to-end encryption and user data is encrypted locally, meaning any data obtained by an attacker will be completely meaningless and unusable.

Introduction

Security Fundamentals

Encryption and Decryption

Data Sharing

Security Assessment