Skip to content
Contact Varjo Support
  • There are no suggestions because the search field is empty.

What makes Varjo's software (Varjo Base) secure?

Information about security features and development practices in Varjo Base

Varjo Base—our software for managing the headset—was designed with enterprise-grade security in mind. The core principle: the customer is always in control of data and connectivity. 

  • All log files are stored on the customer’s PC and are fully under their control—they can be read, deleted, or shared manually. No logs are sent automatically. 
  • Automatic software updates can be fully disabled. All updates are digitally signed so customers can verify authenticity. 

Varjo Base is developed following a secure Software Development Lifecycle (SDLC) that includes: 

  • Mandatory code reviews and automated testing for every code change. 
  • Only designated personnel can approve code for release. 
  • A dedicated team manages Continuous Integration (CI) systems, with VPN and user authentication (MFA) required for remote access. 
  • Static code analysis is used regularly to identify security and quality issues. 
  • All third-party components are vetted, and a dependency vulnerability scanner runs on every build. 

Certified security:

  • Certified to Field by United States Air Force. Varjo Base has Certificate to Field (CTF) from the United States Air Force. This certification validates use within the U.S. Air Force‘s Operational Test and Training Infrastructure (OTTI). The certification is valid for the 4.5.0 version of Varjo Base and all future versions of the fourth-generation software supporting the XR-4 Series. Read more about the Certificate to Field here.