Why are there more and more cyber attacks on software development environments and how is software company security becoming a key issue in the supply chain?
We receive information from or on behalf of our customers and their users, and for most of such data, we act as a “processor.” Because of the nature of the White Shark and other White Hat services, this information may contain any type of personal data. For example, we may collect the following categories of information, that may be Processor Data, through the White Shark MSS:
Some of the technical information listed above is considered personal data in certain contexts. White Hat also collects Processor Data through the technology described in the “Cookies and Similar Automated Data Collection” section below. We use Processor Data as described in the following section.
Subject to our contractual obligations, and depending on the particular White Hat services, we may use and disclose the information described above (sometimes in combination with other information we obtain, such as from our customers) as follows:
Many White Hat Services like White Shark MSS use automated technology to recognize and defend against cybersecurity risks, such as by blocking or quarantining suspected malicious data. To better protect our customers and assist them with their own security compliance, some White Hat services use external threat information gathered in these situations to improve security for customers of White Hat services in similar situations. For example, if certain White Hat services determine that a hacker is attacking some of our customers, we may use information about that threat in order to help protect other customers from similar attacks. This provides our customers’ data with much better protection than what would be possible if our services could not learn from experience. We handle “Threat Data” like this as described in the “Privacy Practices Specific to Controller Data” section below.
Subject to our contractual obligations, and depending on the particular White Hat Services, we may disclose the information described above as follows:
As described above, we act as a processor for most of the White Hat Services. We are, however, a “controller” under applicable law with respect to Controller Data. Controller Data includes two general categories of data: Business Data and Threat Data.
For example, we may collect certain data about customers, prospective customers, partners and their personnel (“Business Data”), which may include:
We obtain Business Data directly from the relevant individuals or their employers, and also from third-party sources, such as distributors, resellers and partners, credit card issuers, clearinghouses, data brokers, fraud databases, referrals from customers and users, as well as publicly available sources such as company websites.
In connection with some White Hat Services, White Hat is also considered a controller of certain personal data relevant to security threats, i.e. “Threat Data.” To the extent it is personal data, IP addresses, device identifiers, URLs, and other data associated with malicious activity are part of Threat Data. We obtain Threat Data through White Hat Services, publicly available sources such as online forums, other security providers and researchers, and independent research.
White Hat also collects Business Data and Threat Data through the technology described in the Cookies and Similar Automated Data Collection section below. We use all Controller Data as described in the following section.
White Hat uses Controller Data as follows:
Subject to our contractual obligations, we share the information described above as follows:
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Controller Data are as follows:
We may also process personal data for the same legitimate interests of our customers and business partners.
We offer the options described below for exercising rights and choices under applicable law. Many of these are subject to important limits or exceptions under applicable law.
In addition, the law of your jurisdiction (for example, within the European Economic Area) may give you additional rights to request access to and rectification or erasure of certain of your personal data we hold. In some cases, you may be entitled to receive a copy of the personal data you provided to us in portable form or to request that we transmit it to a third party. The law may also give you the right to request restrictions on the processing of your personal data, to object to processing of your personal data, or to withdraw consent for the processing of your personal data (which will not affect the legality of any processing that happened before your request takes effect).
You may contact us as described below to make these requests.
We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage).
These technologies help us (a) keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you; (b) remember your settings on the pages you visit, so that we can display your preferred content the next time you visit; (c) display personalized content; (d) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (e) diagnose and fix technology problems; and (f) otherwise plan for and enhance our business.
Also, in some cases, we may through no fault or intention of our own facilitate the collection of information by advertising services administered by third parties (i.e. Google, ISP or domain provider). These ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, these providers may use different types of cookies, other automated technology, and data (i) to recognize users and their devices, (ii) to inform, optimize, and serve ads and (iii) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some typical ad service providers, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers. You can opt out of Google Analytics and customize the Google Display Network ads by visiting your Google Ads Settings. Google also allows you to install a Google Analytics Opt-out Browser Add-on for your browser. If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
Please visit your mobile device manufacturer’s website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
Certain White Hat Services allow our customers and users to make international data transfers to third parties, for which they are solely responsible.
If a password is used to help protect your personal information, it is your responsibility to keep the password confidential. Do not share this information with anyone.