We take important measures to ensure the security of our offerings:

• A thorough peer code review is required before each commit to ensure that no malicious code is added to our code base.
• Third-party code dependencies must be automatically checked for known vulnerabilities. We use GitHub Dependabot, which is enabled automatically for any new code repository.
• Package dependencies must be automatically kept up to date, so that any hot-fixes for a potentially compromised dependency are applied promptly. We use GitHub Dependabot, which is enabled automatically for any new code repository.
• Only MUI employees & affiliates are to be given access to merge and release code. Membership is reviewed as part of the Offboarding process, as well as during periodic review.