Making Our Products More Secure
As the industry-leading virtualization software company, VMware takes customer security and safety very seriously. VMware has well-established programs and practices to identify and remediate security vulnerabilities in our products and to mitigate software security risks to customers. These programs are constantly evolving based on our own experiences, changes in the threat landscape, and our learnings based on industry observation and collaboration.
The VMware Security Engineering, Communications & Response group (vSECR) is the central organization within VMware responsible for developing and driving software security initiatives across all of VMware’s Research and Development organizations to reduce software security risks. The vSECR group takes a full lifecycle approach to product security from product inception to product end of life. VMware, through vSECR, is committed to the ongoing security of our products and the safety of our customers.
Third-party certifications such as Common Criteria and FIPS provide independent validation of the security of VMware products. These certifications are listed along with links to the official certificate or report.
Security Hardening Guides provide prescriptive guidance for customers on how to deploy VMware products in a secure manner. This guidance includes script examples and other information to help with security automation.