Corporate Climate Policy

1. Introduction#

DefectDojo is committed to leading the way in DevSecOps and vulnerability management. We believe that a secure digital environment and a healthy planet are not mutually exclusive goals. Just as we strive to build a more secure and resilient digital world, we are dedicated to doing our part to create a sustainable future for all.

This Corporate Climate Policy outlines our commitment to understanding, managing, and reducing our environmental impact. It is a living document that will evolve as our company grows and as we identify new opportunities for positive change.

2. Our Commitment#

DefectDojo commits to:

• Measure and Monitor: We will regularly measure and monitor our greenhouse gas (GHG) emissions across all relevant scopes to understand our climate impact.
• Reduce Our Footprint: We will set meaningful targets to reduce our emissions, focusing on the most significant sources within our operations.
• Promote a Culture of Sustainability: We will empower our employees, partners, and the open-source community to make environmentally responsible choices.
• Transparency and Accountability: We will be transparent about our progress and hold ourselves accountable to our climate commitments.
• Continuous Improvement: We will regularly review and update this policy to reflect new technologies, best practices, and our evolving business.

3. Focus Areas and Actions#

We will focus our efforts on the following key areas:

3.1 Sustainable Infrastructure and Cloud Services#

As a software company, our primary environmental impact comes from the energy consumed by the infrastructure that runs our platform and business operations.

• Cloud Provider Selection: We will prioritize cloud providers that are committed to using renewable energy to power their data centers. We will regularly review the sustainability reports of our cloud providers to ensure they align with our climate goals.
• Resource Optimization: We will continuously work to optimize our cloud infrastructure to reduce energy consumption. This includes right-sizing our computing resources, eliminating idle instances, and leveraging energy-efficient cloud services.
• Data Storage: We will implement data management policies to reduce redundant and unnecessary data storage, thereby minimizing the associated energy consumption.

3.2 Energy-Efficient Operations#

We are a remote-first company and will encourage energy efficiency in our employees’ home offices.

• Remote Work: We will continue to support a remote-first work culture, which reduces emissions from commuting.
• Energy-Efficient Equipment: We will encourage employees to use ENERGY STAR® certified equipment in their home offices.
• Paperless Operations: We will strive for paperless operations wherever possible, utilizing digital documents and signatures.

3.3 Responsible Hardware Lifecycle Management#

The production and disposal of electronic hardware have a significant environmental impact.

• Sustainable Procurement: We will prioritize the procurement of hardware from manufacturers with strong environmental and social responsibility commitments.
• Extended Lifespan: We will seek to extend the lifespan of our hardware through repair and refurbishment.
• E-Waste Disposal: We will partner with certified e-waste recyclers to ensure that all retired hardware is disposed of responsibly.

3.4 Sustainable Software Development#

We recognize that the way software is designed and written can impact its energy consumption.

• Green Software Principles: We will explore and promote the principles of green software development within our engineering teams. This includes writing efficient code, minimizing data transfer, and considering the energy impact of our software architecture.
• Community Engagement: We will engage with the open-source community to share best practices for sustainable software development and contribute to a greener digital ecosystem.

3.5 Employee Engagement and Empowerment#

We believe that our employees are our greatest asset in achieving our climate goals.

• Green Team: We will establish a voluntary “Green Team” to champion sustainability initiatives within the company.
• Education and Awareness: We will provide our employees with resources and information on how to reduce their environmental impact at work and at home.
• Incentives: We will explore opportunities to incentivize sustainable behaviors among our employees.

3.6 Travel and Events#

While we are a remote-first company, we recognize that some travel and in-person events are necessary.

• Sustainable Travel: When travel is required, we will encourage employees to choose the most environmentally friendly transportation options available.
• Virtual First: We will prioritize virtual meetings and events to reduce the need for travel.
• Sustainable Events: For in-person events, we will work with vendors and venues that share our commitment to sustainability.

4. Governance and Reporting#

• Oversight: Our leadership team will be responsible for overseeing the implementation of this policy.
• Reporting: We will report on our progress against our climate goals annually. This report will be made available to our employees, customers, and other stakeholders.
• Review: We will review and update this policy at least every two years to ensure it remains relevant and effective.

5. Looking Forward#

At DefectDojo, we are just beginning our journey to become a more sustainable company. We are excited about the opportunities ahead and are committed to making a positive impact on the world, both through our software and our actions. We invite our employees, customers, and the entire DefectDojo community to join us on this journey.