Introducing G2.ai, the future of software buying.Try now
Security on Bubble
I recently went through a penetration test on my Bubble Applications. Interestingly the results were a concerning. We were unable to achieve GDPR or PCI compliance because of vulnerabilities in the core of Bubble's platform. After logging a ticket to understand if they were going to be resolved, I was told that all 16 of the vulnerabilities were known and most were with development as low priorities and I was not provided a fix for any of them.
In response to my shock at this status, I was told that Bubble that "compliance" is a subjective thing for Bubble as it is up to us (Bubble's customer) to determine if we want to be compliant or not). I actually think that's a fair point of view, except that we want to be GDPR and PCI Compliant but we cannot as the vulnerabilities that are currently known and not fixed within the platform prevent that from happening.
Has anyone else attempted to achieve such an outcome? If so, how have you dealt with it?
1 comment
1
Looks like you’re not logged in.
Users need to be logged in to answer questionsLog In
Hunting for software insights?
With over 2.5 million reviews, we can provide the specific details that help you make an informed software buying decision for your business. Finding the right product is important, let us help.
