Security and Validation FAQ

What is Beyond Compare?

Beyond Compare is retail, off-the-shelf client software for file and folder comparison and synchronization.  It is not a hosted, cloud, or software as a service (SaaS) product.

What are Beyond Compare's features?

Features List

What is Scooter Software and how can they be contacted?

Scooter Software is the manufacturer of Beyond Compare.
Contact Us

Does Scooter Software have any certifications?

Scooter Software and Beyond Compare do not have any certifications (ISO 27001, SOC 2, FedRAMP, HITRUST, etc.).

Does Scooter Software have security profiles with any third-party cybersecurity risk management platforms?

Scooter Software has security self-assessments with the following platforms:

Does Scooter Software process data on behalf of customers using Beyond Compare?

Scooter Software does not process data on behalf of customers using Beyond Compare.

Does Scooter Software have access to customer data, computers, or networks when they use Beyond Compare?

Scooter Software does not have access to customer data, computers, or networks when they use Beyond Compare.

Besides use cases involving a networked data repository, is any data sent to an external location, such as a Scooter Software server?

Beyond Compare does not send data being compared over the network unless a networked data repository is being used (network drive, FTP server, etc.).

If the software crashes, it displays a crash dialog that prompts the user to send crash information (call stack, Beyond Compare settings, OS, hardware, optionally a screenshot).  Crashes are not sent automatically.  Crash reports can be sent directly from the crash reporting tool or saved as a text file.  Aside from anything visible in the optional screenshot, crash reports do not include the content being compared.

Default settings check for software updates every 7 days.  A user can also select Help | Check for Updates to manually initiate an update check.  The check for software updates makes an HTTPS (HTTP in older versions) connection to www.scootersoftware.com.  Information visible to Scooter Software in check for updates logs:  public IP address, OS, Beyond Compare version, licensed or trial mode, serial number if licensed.  The automatic check for updates can be disabled in program options.  The automatic and manual check for updates are disabled when using the MSI installer.

Does Beyond Compare support FIPS 140-2 compliant encryption?

Beyond Compare does not support FIPS 140-2 compliant encryption.

Is Beyond Compare affected by the Log4j vulnerability?

No, see Beyond Compare's Log4j status.

What software security practices or processes are employed to identify and resolve security vulnerabilities in Beyond Compare?

Beyond Compare's installer and executable are code signed, then they are scanned with multiple antivirus products via VirusTotal before release.

Scooter Software's lead developer follows industry security news and monitors security information for tools and third-party libraries used in Beyond Compare.

Does Scooter Software use appropriate build or version control tools?

Yes, Scooter Software uses build automation and version control tools for the development of Beyond Compare.

How does Scooter Software inform customers of security or other software updates?

Beyond Compare's default settings check for updates every 7 days, then show a menu bar notification when a new version is available.

Software and security updates are announced in the following places:

Scooter Software doesn't have an email list for software and security updates.  However, customers can create a forum account, then subscribe to email notification of new posts in the News & Announcements forum.  The forum also provides an RSS feed.

Vulnerabilities, bug fixes, and feature updates are documented in the Change Log.  To find security specific changes, search for the text CVE in the change log.

What is the patch release schedule for Beyond Compare?

Minor version updates are released 3-6 times per year.

Has Scooter Software suffered any recent security breaches?

Discussion forum data breach in 2019.

What applications, libraries, and open-source software are used to produce Beyond Compare?

Third-party software used to produce Beyond Compare is listed in the Support, Ordering and License page of the help file.

Does Scooter Software have any offices outside the USA?

Scooter Software has one office, located within the USA.

Does Scooter Software have any employees outside the USA?

All Scooter Software employees are located within the USA.

Does Scooter Software outsource development to a third-party company?

Scooter Software does not outsource development to a third party.

How does Scooter Software secure IT infrastructure and plan for business continuity and disaster recovery?

Are validation documents available for Beyond Compare?

Scooter Software does not provide validation documentation for Beyond Compare.

Beyond Compare is intended as general-purpose computer software, with a level of testing and pricing that reflect that.  Testing and test documentation aren't performed to a level required for highly regulated environments (medical, automotive, etc.).

Customers using Beyond Compare in highly regulated environments perform their own validation for their specific use cases.

How are Beyond Compare releases tested?

A beta period is always used to test significant new features before official release.  The beta period for Beyond Compare 4.0 was over a year, the beta period for Beyond Compare 4.1 was 4 months.

For every release, staff test against changes listed in the Change Log, then a regression checklist of major features.  All developers and technical support staff sign off before a release is provided to customers.

What terms and conditions govern the use of Beyond Compare?

Use of Beyond Compare is governed by the License Agreement.

What is Scooter Software's privacy policy?

Privacy Policy

Are Scooter Software and Beyond Compare GDPR compliant?

Yes, see Privacy Policy.