Meta tags:
description= SafeBase monitors your security practices to enable you to win enterprise deals.;
Headings (most frequently used words):
security, font, display, webkit, flex, and, next, public, align, center, margin, data, size, 20px, line, height, box, ms, color, 000000, reports, network, react, 19, flexbox, items, style, normal, 30px, smoothing, antialiased, left, overview, compliance, bigcommerce, is, reviewed, trusted, by, documents, awards, recognition, product, self, assessments, app, ai, quality, legal, privacy, access, control, infrastructure, endpoint, corporate, policies, grades, server, components, 2025, hikzlk, weight, 600, 32, 74px, 11vf6hw, nbudrc, 12px, 6sgiei, 0px, featured, advisory, cve, 2026, 23864, critical, severity, vulnerability, related, to, has, been, disclosed, affecting, versions, penetration, segmentation, test, summaries, posted, european, accessibility, act, eaa, annual, audit, complete, certifications, available,
Text of the page (most frequently used words):
and (62), the (42), security (31), for (23), you (18), react (18), our (17), com (17), bigcommerce (16), are (15), view (15), #vulnerability (14), more (14), #commerce (14), data (14), iso (12), server (11), catalyst (10), your (9), reports (9), access (9), https (9), components (9), iec (9), 2025 (8), compliance (8), this (8), with (8), next (8), trust (7), network (7), versions (7), privacy (7), all (6), these (6), documents (6), platform (6), center (6), management (6), makeswift (6), patched (6), have (5), pci (5), available (5), payment (5), copy (5), link (5), customers (5), critical (5), assessments (5), version (5), that (5), blog (5), impact (5), policy (5), control (5), 2023 (5), built (4), part (4), commitment (4), soc (4), audit (4), secure (4), which (4), risk (4), framework (4), applications (4), penetration (4), using (4), not (4), need (4), vercel (4), cve (4), information (4), procedures (4), policies (4), business (4), protection (4), enterprise (4), report (3), transparency (3), updated (3), review (3), can (3), annual (3), pages (3), experience (3), platforms (3), ensure (3), summaries (3), reviewed (3), days (3), severity (3), include (3), segmentation (3), vulnerabilities (3), release (3), notes (3), details (3), refer (3), affected (3), been (3), cloudflare (3), level (3), latest (3), their (3), disclosed (3), summary (3), 2026 (3), 23864 (3), use (3), service (3), manage (3), evaluated (3), legal (3), continuity (3), transfer (3), responsible (3), dss (3), nist (3), 42001 (3), 27001 (3), purpose (3), issue (2), continued (2), certifications (2), attestations (2), now (2), script (2), authorization (2), section (2), providing (2), tools (2), developer (2), committed (2), european (2), accessibility (2), act (2), eaa (2), including (2), new (2), standards (2), executive (2), findings (2), mobile (2), system (2), both (2), internal (2), production (2), customer (2), storefronts (2), best (2), class (2), follow (2), steps (2), should (2), 
specific (2), www (2), storefront (2), what (2), actions (2), based (2), includes (2), releases (2), application (2), waf (2), help (2), recommended (2), further (2), changelog (2), related (2), has (2), affecting (2), used (2), upgrade (2), advisory (2), code (2), frameworks (2), subscribe (2), updates (2), processes (2), technical (2), measures (2), keys (2), least (2), defined (2), implemented (2), regulatory (2), requirement (2), provisions (2), before (2), established (2), acceptable (2), response (2), testing (2), endpoint (2), infrastructure (2), logging (2), international (2), whitepaper (2), quality (2), other (2), self (2), diagram (2), recognition (2), partner (2), program (2), download (2), get (2), group (2), trusted (2), provider (2), cisa (2), isac (2), 27018 (2), 27017 (2), 2015 (2), 27701 (2), 22301 (2), 2022 (2), contact (2), stay (2), advanced (2), features (2), against (2), certified (2), think, may, discovered, please, send, note, thank, partnership, directly, from, pleased, announce, successful, completion, understanding, how, keep, resource, hub, complete, creating, inclusive, want, inform, about, came, into, effect, june, significant, legislation, aims, make, wide, range, products, services, digital, accessible, people, disabilities, across, actively, working, offerings, comply, reflecting, dedication, universal, enhanced, user, everyone, visit, navigate, card, were, addressed, accordance, remediation, slas, high, medium, issues, together, validate, effectiveness, overall, architecture, confidentiality, integrity, availability, tests, assess, posture, apis, apps, feed, comprehensive, suite, covering, external, networks, logical, separation, between, practices, completed, third, party, evaluations, test, posted, b2b, buyer, portal, manual, outlined, post, mitigation, announcements, docs, migration, core, here, else, know, taking, upgraded, addressing, also, released, ships, take, running, headless, will, update, following, incorporate, fixes, 
hosting, those, providers, protections, mitigate, however, upgrading, strongly, posts, rules, 55182, avoid, exposure, well, building, dev, users, maintainers, recommend, who, independently, own, applicable, relates, denial, scenarios, triggered, specially, crafted, http, requests, component, functions, importantly, does, allow, remote, execution, identified, any, environments, aware, recently, cvss, affects, certain, such, archived, repository, requiring, privilege, being, cryptographic, revoked, removed, end, cryptoperiod, when, key, compromised, entity, longer, organization, per, corrective, action, plan, remediate, documented, approved, communicated, applied, maintained, background, verification, designed, according, local, laws, regulations, ethics, contractual, constraints, proportional, classification, accessed, requirements, annually, knowledge, base, faq, login, qualys, ssl, labs, grades, disaster, recovery, incident, employee, training, email, corporate, ids, ips, firewall, device, detection, dns, filtering, separate, environment, google, cloud, officer, dpo, processing, agreement, cyber, insurance, subprocessors, governance, analysis, disclosure, app, erasure, backups, monitoring, caiq, analyst, integrations, product, mach, award, inc, power, gartner, magic, quadrant, awards, assessment, pentest, cio, ciso, featured, bulk, private, public, vodafone, uplift, desk, united, aqua, fold, london, andertons, music, barbara, sturm, one, kings, lane, ollie, liberty, coin, harvey, nichols, king, arthur, baking, diamonds, direct, coldwater, creek, bensons, beds, soletrader, bealls, stores, sports, yeti, cycles, green, roads, deerfield, beach, wcag, csf, 800, rev, processunity, visa, design, pledge, csa, star, fips, 140, ramp, 2019, 9001, soa, cpra, ccpa, shield, dpf, gdpr, sales, support, resources, informed, provide, store, while, beneath, stays, complexity, retail, scale, global, businesses, demand, among, first, certify, standard, fraud, prevention, 
recommendations, personalization, governed, principles, safety, accountability, under, unlike, general, hold, back, empowers, scalability, needed, thrive, complex, world, aligned, cybersecurity, globally, recognized, ensuring, rigorous, proven, recorded, future, collaborate, communities, like, infragard, monitor, respond, evolving, threats, they, proactive, threat, defense, maintains, merchant, highest, simplifies, demonstrates, protecting, sets, apart, resilience, development, foundational, delivering, reliable, trustworthy, welcome, overview, ask, sensitive, start, powered, safebase,
Text of the page (random words):
bigcommerce commerce trust center powered by safebase start your security review view download sensitive information ask for information get access overview welcome to commerce com s trust center at commerce com security privacy resilience and responsible ai development are foundational to our platform we are committed to delivering a secure reliable and trustworthy e commerce experience for you and your customers what sets us apart best in class payment security bigcommerce maintains level 1 pci dss attestations of compliance as both a merchant and a service provider the highest level available this simplifies your compliance and demonstrates our commitment to protecting payment data proactive threat defense we partner with recorded future and collaborate with security communities like rh isac infragard and cisa to monitor and respond to evolving threats before they impact your business proven compliance frameworks our security program is aligned with the nist cybersecurity framework and certified against globally recognized standards including iso iec 27001 2022 27017 27018 27701 and 22301 ensuring rigorous risk and continuity management purpose built for enterprise e commerce unlike general purpose platforms that can hold you back bigcommerce empowers you with the scalability control and advanced security features needed to thrive in the complex world of enterprise e commerce responsible ai certified under iso iec 42001 bigcommerce is among the first to certify against iso iec 42001 2023 the international ai management system standard our use of ai for fraud prevention recommendations and personalization is governed by principles of transparency safety and accountability built for enterprise e commerce we re purpose built for the complexity of enterprise retail providing the scale control and advanced security features global businesses demand security you can manage we provide the tools to help you manage your store s privacy and security you stay in control 
while we ensure the platform beneath you stays trusted stay informed subscribe to this trust center for the latest security updates and compliance resources contact us privacy privacy bigcommerce com security security bigcommerce com sales support https www bigcommerce com contact compliance pci dss v4 0 0 gdpr eu us dpf privacy shield ccpa cpra soc 1 soc 2 soc 3 iso iec 27001 2022 iso iec 27001 soa iso 9001 2015 iso iec 42001 2023 iso 22301 iso iec 27701 iso iec 27017 2015 iso iec 27018 2019 tx ramp fips 140 2 csa star rh isac cisa secure by design pledge visa service provider processunity nist 800 53 rev 5 nist csf wcag 2 2 aa bigcommerce is reviewed and trusted by green roads deerfield beach fl yeti cycles i9 sports bealls stores soletrader bensons for beds coldwater creek diamonds direct king arthur baking harvey nichols liberty coin ollie one kings lane dr barbara sturm andertons music co the fold london united aqua group uplift desk vodafone group documents all public private get access bulk download featured documents documents business continuity management program documents cio ciso whitepaper new reports network diagram reports pentest report reports vulnerability assessment report compliance pci dss v4 0 0 data privacy data protection transfer impact summary policies information security policy view all documents awards recognition 2023 gartner magic quadrant 2023 inc power partner 2023 mach impact award view more product security audit logging data security integrations view more reports analyst recognition network diagram other reports view more self assessments caiq other self assessments data security access monitoring data backups data erasure view more app security responsible disclosure application penetration testing code analysis view more ai quality ai governance quality policy legal subprocessors cyber insurance data processing agreement view more data privacy data protection transfer impact summary data protection officer dpo international 
data transfer whitepaper view more access control data access logging infrastructure google cloud platform infrastructure security separate production environment endpoint security dns filtering endpoint detection response mobile device management view more network security firewall ids ips network penetration testing view more corporate security email protection employee training incident response view more policies acceptable use policy access control policy business continuity disaster recovery bc dr policy view more security grades qualys ssl labs login bigcommerce com a knowledge base faq are the policies and procedures reviewed and updated at least annually are background verification policies and procedures designed according to local laws regulations ethics and contractual constraints and proportional to the data classification to be accessed business requirements and acceptable risk is a risk based corrective action plan to remediate audit findings established documented approved communicated applied evaluated and maintained are cryptographic keys revoked and removed before the end of the established cryptoperiod when a key is compromised or an entity is no longer part of the organization per defined implemented and evaluated processes procedures and technical measures to include legal and regulatory requirement provisions are processes procedures and technical measures to manage archived keys in a secure repository requiring least privilege access being defined implemented and evaluated to include legal and regulatory requirement provisions view more commerce trust center updates subscribe security advisory react server components cve 2026 23864 copy link vulnerabilities we are aware of the recently disclosed react server components vulnerability cve 2026 23864 cvss 7 5 which affects certain versions of react server components used by frameworks such as next js commerce com is not affected by this vulnerability we have not identified any impact to our 
platform or customer environments the vulnerability relates to denial of service scenarios triggered by specially crafted http requests to react server component server functions importantly this issue does not allow for remote code execution we recommend that customers who independently use react server components in their own applications review the advisory and upgrade to a patched version if applicable more information https vercel com changelog summary of cve 2026 23864 patched versions are available for affected react and framework releases and users should upgrade as recommended by their framework maintainers a critical severity vulnerability related to react server components has been disclosed affecting react versions 19 0 19 1 and 19 2 copy link vulnerabilities a critical severity vulnerability related to react server components has been disclosed affecting react versions 19 0 19 1 and 19 2 this includes next js which is used for internal applications at commerce as well as customers building storefronts using catalyst and makeswift for further details on the vulnerability refer to critical security vulnerability in react server components https react dev blog 2025 12 03 critical security vulnerability in react server components to avoid exposure next js and react need to be updated to their latest patched versions if you re hosting your application on vercel or are using cloudflare s waf those providers have platform level protections that help mitigate this vulnerability however upgrading to the latest versions of next js and react is strongly recommended for further details refer to the vercel https vercel com changelog cve 2025 55182 and cloudflare https blog cloudflare com waf rules react vulnerability blog posts here s what else you need to know specific to commerce actions we are taking all affected next js applications at commerce have been upgraded to a patched version of next js addressing the vulnerability we ve also released catalyst v1 3 5 
which ships with a patched version of next js actions you need to take if you are running a catalyst based headless storefront you will need to update it to a version that includes the patched releases of next js and react the following catalyst versions incorporate these fixes bigcommerce catalyst core 1 3 5 bigcommerce catalyst makeswift 1 3 6 for migration details refer to the catalyst 1 3 5 release notes if you re using a version of bigcommerce catalyst b2b buyer portal follow the manual steps outlined in the release notes https developer bigcommerce com docs storefront catalyst release notes 1 3 5 makeswift makeswift customers that are not using catalyst should follow the makeswift blog post for specific mitigation steps https www makeswift com blog announcements 2025 12 03 react server components vulnerability 2025 penetration and network segmentation test summaries posted copy link vulnerabilities as part of commerce com s continued commitment to transparency and best in class security practices we have completed our 2025 third party penetration and network segmentation assessments executive summaries of these evaluations are now available in the reports section of our trust center these annual tests assess the security posture of our applications apis and mobile apps feed management system and include a comprehensive suite of network assessments covering both internal and external networks production segmentation and the logical separation between customer storefronts together these assessments validate the effectiveness of our overall security architecture and ensure the confidentiality integrity and availability of the commerce com platforms all findings were reviewed and addressed in accordance with our risk management framework and remediation slas 10 days for critical 30 days for high and 90 days for medium severity issues to view the executive summaries visit security bigcommerce com and navigate to the reports card european accessibility act eaa copy 
link compliance we re committed to creating an inclusive experience for all our customers as part of this commitment we want to inform you about the european accessibility act eaa which came into effect on june 28 2025 this significant legislation aims to make a wide range of products and services including digital platforms more accessible for people with disabilities across the eu we are actively working to ensure our offerings comply with these new standards reflecting our dedication to universal access and an enhanced user experience for everyone annual audit complete 2025 certifications and reports available copy link compliance script authorization on payment pages understanding pci 4 0 section 6 4 3 and how we re providing the tools to keep your payment pages secure https developer bigcommerce com resource hub script authorization on payment pages we re pleased to announce the successful completion of our 2025 annual audit as part of our commitment to transparency and security our updated iso certifications soc reports and pci attestations are now available for your review you can access all of these documents directly from our platform trust center https bigcommerce com security thank you for your continued trust and partnership 1 2 3 4 5 6 7 if you think you may have discovered a vulnerability please send us a note report issue built on