UltraEdit, a security-hardened text editor

  • Developed with industry-grade security tools
  • Maintained and supported by a dedicated team
  • Highly performant on large files
  • Flexible and versatile with integrated tooling
UltraEdit is the most flexible, powerful, and secure text editor.
Download a free, full-feature trial to see why. Available for Windows, Mac, and Linux.

An overview of our approach to security

Today’s software has become more interdependent and more reliant on third-party components—especially in the text editor space that is dominated by free and open source options. The flexibility and ease-of-access that a third party component ecosystem offers may unknowingly introduce overlooked vulnerabilities.

We understand the value of having a robust software security chain. A text or code editor may not be the most obvious vector for a security breach, but to ensure maximum risk mitigation, our text editor leaves no stone unturned. We use cutting edge security tools and techniques to prevent data loss, information leaks, or other unauthorized data processing operations.

UE+
Secure coding practices and reviews

No code is ever checked into our proprietary codebase until after it’s been reviewed by two senior developers.

UE+
Static application security testing

Every build of our products is scanned by Kiuwan SAST, with all issues flagged “moderate” or higher requiring full resolution.

UE+
Software composition analysis

Every third party component in our products is scanned by Black Duck SCA. Any reported issue or vulnerability requires remediation.

UE+
No user/file data sent to cloud or our servers…ever

All data processed by our products remains local to the operating machine. We don’t collect user, file, or any sort of analytics data whatsoever.

UE+
Online license activation via https; offline also available

Your license is activated via secure HTTPS connection with no personally identifying information sent to our activation server. For those with internet restrictions, we offer an offline activation option.

UE+
SBOM available upon request

For those who require it, we provide a Software Bill of Materials (SBOM), providing peace of mind that our libraries are safe, standardized, and hardened.

UE+
No automatic updates

While we publish updates at a steady cadence, we never force an update or automatically download one to local machines. Updates are accepted at the discretion of the user and are completely disabled in our enterprise packages.

UE+
Optional cloud and server connectivity components

Our FTP, SSH, and cloud components can easily be disabled on-demand during deployment.

UE+
Compliant with local / system access controls

Our products install natively on the operating system, thus are subject to the local and group policy restrictions under which they’re run.

UE+
Proprietary codebase

All of our products are written in proprietary low-level code, keeping it protected from malicious eyes. We don’t use popular but vulnerable web stack or JavaScript libraries.

UE+
Commercially supported

Our responsibility is to our customer’s safety, thus we heavily invest in robust security measures and tools. Furthermore, we work to make sure our tools meet our customers’ compliance and legal requirements. Good luck getting that with open source.

UE+
Dedicated support and response team

Our customers know that with our products they have a dedicated quality and support team at their disposal. We respond quickly to issues, often providing verification builds directly to users to confirm requested improvements.

What we’re doing to secure
your editor and your data

Three-Pronged Methodology

Every version of UltraEdit undergoes the same stringent process of development. First, every release goes through a standardized series of self-review followed by peer review by more senior developers. Secondly, the source code is then thoroughly checked using SAST tools to eliminate any oversight and unconventional code. Lastly, to ensure each and every external component has no known vulnerabilities, an SCA tool verifies the integrity of the entire code base and its underlying third-party dependencies.

Manually reviewed and supported

Unlike bonafide open source software, UltraEdit is a commercially supported editor with its own dev and support team. All software components native to the editor have gone through meticulous planning, screening, and testing before they are ever accessible to its users. And in the event that a user would need help, a support team stands at the ready to assist with every question they may have.

Employing cutting-edge tools

UltraEdit is managed and developed by a dedicated team of experts who take security seriously. To further bolster UltraEdit’s defenses against unintentional and malicious issues, our team also employs specialists’ tools. Kiuwan SAST and Black Duck SCA by Synopsys.

Understands your needs

Nothing beats a tailored experience. If you encounter a daily problem or potential area for improvement, we are more than happy to explore how to better protect you and your data. Send us a message and our team would love to help.

Highly secure, Unrivaled performance

UltraEdit delivers optimum performance for any text, code, and hex editing work you may need. Work with extremely large XML files, build HTML/CSS web pages, or even modify complex binary files with the reliability of a fortified editor. Be confidently flexible with UltraEdit’s unopinionated and secure workflow.

Reporting Security Issues

Keeping customer data safe and our software secure is our top priority. Your input and feedback on what you require in terms of security is highly valued. Please send urgent and security-related requests directly to [email protected] and we will get back to you shortly.

Disclosing security issues

If you discovered a security issue that might impact our products or infrastructure, please let us know. We will acknowledge your report, provide a way to track the issue and start investigating the problem immediately. Once the issue has been resolved we’ll post a security update along with credits if applicable.

Please do not publicly disclose any problems without coordinating with us, so we can ensure that all customer accounts and instances have been secured first. We answer all requests within one business day.