Upbound Invests in Security Standards with SOC 2 Type II Assessment and New Trust Center for Vulnerability Disclosures

Cloud control plane company prioritizes security transparency, bringing Crossplane to enterprise platform engineers to build and run control planes at scale

July 11, 2023 — SEATTLE, WA — Upbound, Inc., the control plane company behind the popular open source project Crossplane, today announced it completed its Service Organization Control (SOC) 2 Type II assessment and added a Trust Center with a vulnerability disclosure program. These investments validate Upbound’s commitment to security and trust standards.

As Crossplane, the open source framework for building cloud native control planes, has matured since 2018, platform engineers at enterprises increasingly use it as their standardized point of control to develop and manage their internal development platforms faster. Their rigorous security and data requirements require additional enterprise-grade assurances that Upbound offers.

“Today, Upbound underscores its commitment to enhancing security best practices in all of our offerings by adhering to SOC 2 Type II compliance standards and launching an official trust center,” said Sumbry, vice president of engineering at Upbound. “These major steps enable more customers to start standardizing on Crossplane with Upbound as their single point of control and visibility for infrastructure and application resources across multiple clouds and platforms.”

SOC 2 Type II is an audit by the American Institute of Certified Public Accounts (AICPA) to confirm a company has policies and controls around handling customer or client data in five categories: security, availability, processing integrity, confidentiality, and privacy. Upbound completed the assessment for its customers and partnered with Drata to achieve compliance and continuously monitor security controls across its products, including its flagship product Upbound powered by managed control planes and Universal Crossplane (UXP), a downstream distribution of Crossplane.

As part of its continuous commitment to the highest security standards, Upbound works with BreachLock security experts for penetration testing to identify potential security issues, gain insights, and tighten measures in any aspect of its products and services.

Upbound Trust Center

Upbound launched the Upbound Trust Center and an official Vulnerability Disclosure Program to report and document vulnerabilities. Backed by Bugcrowd, the new program enables users and security researchers to report vulnerabilities with fast intake, validation, triage, and contextual remediation.

“Bugcrowd proudly acknowledges Upbound’s commitment to security, safeguarding its control plane customer ecosystem. They demonstrate a dedication to proactively identifying vulnerabilities and fortifying their defenses,” said Dave Gerry, CEO, Bugcrowd. “Together we enable risk mitigation with prompt remediation, giving platform engineers confidence in a security-first mindset that drives innovation, trust and resilience."

This announcement follows the general availability of Upbound managed control planes. The flagship product enables organizations to use control planes to manage resources across cloud services, environments, teams, business units, and on, backed with performance, scalability, and total lifecycle management at scale.

Learn More

About Upbound

Upbound is democratizing the best-kept secret in cloud computing — the control plane. By leveraging custom APIs, cloud engineers are no longer hindered by configuration drift, multiplying workspaces and frustrated developers. With Upbound, platform engineers get centralized control, governance and stability and developers get the freedom of self-service.

Upbound is the creator and maintainer of the popular open source project Crossplane, a framework for building cloud native control planes. The company is a Series B startup and has raised $69M in total funding. Upbound’s backers include GV (formerly Google Ventures), Altimeter Capital and Intel Capital. For more information, visit upbound.io.

UPBOUND and the Upbound Logo (the “Marks”) are trademarks and service marks of Upbound, Inc. in the U.S. and other countries. You are not permitted to use the Marks without the prior written consent of Upbound.



Media Contact

Kelly Tenn