Security

All components in Primer have been selected under strict criteria. They have a high reputation and consistently implement proprietary recommendations to ensure safety.

We only use components that are actively developed further and whose updates are regularly installed.

With the standard authorization levels of Primer, numerous responsibilities are already clearly separated. The rights of users are thus restricted to a clearly defined set and the actions of the users are traceable.

The Drupal community has established a large collection of measures to ensure the security of Drupal.

The same measures are applied to the development and maintenance of Primer.

In addition, other tools are used, such as monitoring irregularities in all instances.

The development process is implemented with strict automatic tests.

All functions of Primer are fully tested with every code adaptation and thus every update and irregularities are immediately investigated.

The code of all developers is consistently checked and must meet the strict criteria of our "Definition of done".

To ensure secure data transmission, all websites are automatically equipped with https / SSL. Thanks to Let's Encrypt, there are no more recurring costs for certificates.

All affected projects with Primer support are automatically updated with a new release after security updates are released.

The severity level determines the procedure:

• Critical security updates are applied immediately without delay
• Less critical updates are installed at regular intervals

Each case is thus treated individually with the appropriate measures.

For example, the highly sensitive security update SA-CORE-2018-02 was rolled out on all instances within 2 hours.

Innumerable other individual measures to increase security are possible. For example, Single Sign on (SSO) has already been implemented with primers and tools for the integration of Two Factor Authentication (2FA) are also available.