ServiceTitan has implemented best-in-class security practices to keep customer data safe. Our security program is based on best practices in the SaaS industry. As such, our goals when executing this program are:
- Trust, Transparency, and Protection of Customers data: ServiceTitan is committed to protecting and keeping the privacy and confidentiality of our customer's data and information. We are also committed to transparency and will respond pro-actively in any situation.
- High Availability and Continuity of Service: you can follow live at https://servicetitan.statuspage.io/.
- Risk & Compliances: Compliance profiles have a list of controls. We compare our SaaS solution, including technology and operations, against these controls.
Okta confirmed that ServiceTitan was not affected by the recent incident in their support organization that exposed session tokens and cookies.
A set of high-profile vulnerabilities have been identified affecting the popular Java Spring Framework and related software components (CVE-2022-22947, CVE-2022-22950, CVE-2022-22963, CVE-2022-22965) generally being referred to as Spring4Shell. ServiceTitan is not affected by these vulnerabilities.
ServiceTitan was not directly affected by CVE-2021-44228; however, some 3rd party products were. All instances of Log4J in 3rd party products used internally have been patched. In an abundance of caution, ServiceTitan continues to monitor its environments for any re-occurrence as part of the company's regular vulnerability management program. In addition, we logged all attack attempts against our product and reproduced each one to confirm none of them were successful.
If you think you may have discovered a vulnerability, please send us a note.