Certificate of Security for Zimbra, Inc.
Netragard, Inc. completed the delivery of an Advanced Web Application Penetration Test and source code review of Zimbra version 8.5.0 (“Zimbra”) for Zimbra, Inc. (“Customer”) on 08/14/2014 (“Date of Certification”). Testing was performed at a threat level matching or exceeding 9.0 which is significantly higher than the level of threat that most, if not all Zimbra users will face in the wild with normal usage. At this elevated level of threat Zimbra received a CVSS v2.0 global score of 2.1 indicating the existence of negligible, non-exploitable vulnerabilities. Netragard, Inc. hereby certifies that the security of Zimbra is sufficiently robust to protect sensitive business emails, schedules, chat conversations, collaboration information, and other related content that Zimbra is designed to process and store.