Compliance

Lightbend is a SOC 2 compliant organization beginning with the newest version of Akka v23.05 released April 25, 2023.

NOTE: Licensing Akka ensures organizations that the version of Akka they are running in production will have all of the latest known vulnerabilities patched and maintain compliance with the standards as listed below.

All earlier or open source versions prior to Akka v23.05 are NOT compliant. Visit Pricing for information on Akka development and production license packages.

SOC 2 standards

Relevant sections from the standards for running Akka in production:

SOC 2

Vendor Management Process, Vendor Compliance Review

CC1.4, CC3.2, CC3.4, CC9.2
Vendor's compliance must be verified annually

Patch Management

CC7.5

Vulnerability Scanning and Remediation

CC4.1, CC7.1, CC7.4

Software Development Lifecycle

CC8.1
Refers to OWASP standards and dependency check

Users of Akka Open Source

Lightbend has committed to patch Severity 1 / Critical vulnerabilities only in the final open source version of Akka (v2.6) until September 2023.

All other vulnerabilities and bugs are only fixed and patched in licensed versions of Akka. The current licensed version of Akka (23.05) has the following vulnerabilities patched:

CVE-2022-42003
CVE-2020-36518
CVE-2022-42004
CVE-2022-42003
CVE-2022-22970
CVE-2022-22950

CVE-2022-22971
CVE-2022-22968
CVE-2020-13957
CVE-2021-37404
CVE-2022-25168
CVE-2022-26612

CVE-2020-9492
CVE-2017-15713
CVE-2021-22569
CVE-2023-29471
CVE-2023-31442
CVE-2022-41915

CVE-2022-3509
CVE-2022-3510
CVE-2022-3171
CVE-2023-33251

NOTE: Maintaining compliance with SOC 2 standards requires licensing and updating production systems to Akka v23.05.

Visit Pricing for information on Akka development and production license packages.

Contact Us About Akka

We'd love to learn about your requirements, answer your unique questions, and review ways that Lightbend can help you and your organization.