Schlage products are designed with security and privacy in mind.
- Allegion utilizes a Defense in Depth approach to security by utilizing multi-layered security controls
- Data is protected at rest and in motion
- It is assumed external systems are insecure
- Users and processes are authenticated and then their authorization is verified
- Respect users’ right to privacy and strive to protect it
A Secure Development Lifecycle (SDL) is utilized to drive security into the product during development
- Full-time global cybersecurity team committed to driving security into software/firmware development process
- Cybersecurity training for all developers and testers
- Security & Privacy requirements defined during requirements phase
- Threat modeling conducted during design phase
- Static Analysis Tools utilized during implementation phase
Schlage provides firmware & software updates securely if vulnerabilities are identified
- Firmware updates are encrypted and signed using cryptographically secure method
- Security issues are tracked to closure and root-cause analysis is performed
- Lessons learned are incorporated into the development process to prevent repeat incidents
Schlage utilizes a 3rd party penetration tester to validate the security of its products
- Allegion utilizes Best-in-Class 3rd Party Penetration Testers which includes:
- Penetration testing (run-time analysis)
- Reverse engineering (binary analysis)
- Code reviews (static analysis)
- Threat modeling (design analysis)
- Device testing (hardware analysis)
Allegion Vulnerability Disclosure Program
Schlage takes the security of our products and systems seriously, and we value and appreciate contributions from the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of our customers. As part of our commitment to protecting our devices, products and systems, we have a vulnerability disclosure program. If you have identified a potential security vulnerability or privacy issue with Allegion devices, products or systems, please visit our Vulnerability Disclosure Program page.