MUI does not offer any SaaS products, so we have a limited attack surface available to bad actors. Nevertheless, since we provide our software as packaged development libraries, we take important measures to ensure the security of our offerings:
- A thorough peer code review is required before each commit to ensure that no malicious code is added to our code base.
- Only MUI employees are to be given access to merge and release code. Membership is reviewed as part of the off-boarding process, as well as during periodic review.
- Employees are required to use two-factor authentication when signing in with privileged access. This is enforced in GitHub at the organization level.
- MUI libraries must neither make nor receive network requests of any kind in order to minimise the risk to applications that consume them.
- Third-party code dependencies must be automatically checked for known vulnerabilities. We use GitHub Dependabot, which is enabled automatically for any new code repository.
- Package dependencies must be automatically kept up to date, so that any hot-fixes for a potentially compromised dependency are applied in a timely manner. We use GitHub Dependabot, which is enabled automatically for any new code repository.
For any security inquiries please contact us at [email protected].