{"id":34000,"date":"2026-06-29T13:06:29","date_gmt":"2026-06-29T20:06:29","guid":{"rendered":"https:\/\/www.pingcap.com\/?p=34000"},"modified":"2026-06-30T13:07:10","modified_gmt":"2026-06-30T20:07:10","slug":"tidb-ncc-group-security-assessment","status":"publish","type":"post","link":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/","title":{"rendered":"TiDB Completes Independent Security Assessment by NCC Group"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Key_Takeaways\"><\/span><strong>Key Takeaways<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NCC Group\u2019s 45-day white-box assessment found <strong>zero critical, high, or medium severity issues<\/strong> across 20 repositories.<\/li>\n\n\n\n<li>All eight findings were rated <strong>Low<\/strong>, spanning default configuration hardening and dependency hygiene.<\/li>\n\n\n\n<li>TiDB integrated gosec into CI, updated dependencies, and NCC Group verified that mTLS and authentication controls work when configured.<\/li>\n\n\n\n<li>TiDB is working toward secure-by-default configurations for self-managed deployments.<\/li>\n\n\n\n<li>NCC Group\u2019s initial assessment ran from June 2025 through September 2025<\/li>\n\n\n\n<li>NCC Group performed a retest in April 2026<\/li>\n<\/ul>\n<\/blockquote>\n\n\n\n<p class=\"wp-block-paragraph\">When enterprises evaluate a <a href=\"https:\/\/www.pingcap.com\/ko\/what-is-tidb\/\">distributed SQL database<\/a> for production workloads, security isn\u2019t a checkbox. It\u2019s a prerequisite. 
Teams running financial transactions, customer data, and AI agent infrastructure need to know that the database they depend on holds up under independent scrutiny, not just internal testing.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">That\u2019s why <a href=\"https:\/\/www.pingcap.com\/ko\/what-is-tidb\/\">TiDB<\/a> engaged <strong>NCC Group<\/strong>, a global cybersecurity consultancy, to conduct a white-box security assessment of TiDB. The engagement covered source code review and dynamic testing across the full TiDB stack: TiDB, TiKV, TiFlash, PD, and supporting components. The result: Zero critical, high, or medium severity findings across 45 days of expert review.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This blog covers what was tested, what was found, what we fixed, and what we\u2019re doing next.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_NCC_Group_Tested\"><\/span><strong>What NCC Group Tested<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">NCC Group\u2019s assessment ran from June 2025 through September 2025 against TiDB 8.5.2. TiDB provided full source code access, making this a white-box engagement rather than a black-box penetration test. 
One consultant worked across 45 person-days of effort, covering two testing methodologies:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Source code review<\/strong> used static analysis tools followed by targeted manual review of security-critical areas across all major repositories, including TiDB, TiKV, TiFlash, PD, TiDB Dashboard, TiDB Operator, TiFlow, and supporting tooling.<\/li>\n\n\n\n<li><strong>Dynamic testing<\/strong> evaluated the security posture of a live, multi-node TiDB deployment in a dedicated test environment.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The scope covered 20 repositories, the full distributed architecture, and the operational surface area that a real deployment exposes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_the_Assessment_Found\"><\/span><strong>What the Assessment Found<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Eight findings, all rated Low severity. The findings fell into two areas: Default configuration hardening and code-level hygiene.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The majority of findings related to TiDB\u2019s default security posture for self-managed deployments. Out of the box, inter-component communication does not enforce TLS, and status, administrative, and diagnostic endpoints (including pprof and configuration APIs) do not require authentication. TiDB supports mutual TLS (mTLS) and caller-identity verification for all of these surfaces.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For production deployments, TiDB recommends enabling TLS for inter-component traffic and configuring mutual TLS with caller-identity verification, which requires these endpoints to present a trusted client certificate before granting access. 
Configuration guidance is documented in <a href=\"http:\/\/docs.pingcap.com\/tidb\/stable\/enable-tls-between-components\/\">Enable TLS Between Components<\/a>, specifically the <a href=\"http:\/\/docs.pingcap.com\/tidb\/stable\/enable-tls-between-components\/#verify-component-callers-identity\">\u201cVerify component caller\u2019s identity\u201d section<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">NCC Group\u2019s retest confirmed that with these settings in place, the affected endpoints negotiate TLS 1.3 and reject unauthenticated clients.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The remaining findings were code-level: Two flagged known vulnerabilities in pinned Rust and Go dependencies where manual review confirmed no direct exploitation paths in the current codebase, and two identified gaps in static analysis tooling in the CI pipeline.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_TiDB_Fixed\"><\/span><strong>What TiDB Fixed<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Following the initial assessment, NCC Group performed a retest in April 2026 against TiDB 8.5.6. The results:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fixed: Gosec linter integration.<\/strong> TiDB integrated the gosec linter directly into the TiDB CI pipeline. We resolved the unaddressed warnings NCC Group flagged in the initial assessment. The system now checks new code changes automatically. This was the clearest action item from the assessment, and we&#8217;ve done it.<\/li>\n\n\n\n<li><strong>Partially fixed: Go dependency updates.<\/strong> TiDB updated pinned dependencies across the primary component repositories (ng-monitoring, tidb-dashboard, tidb-tools, tiflow, pd). 
Some instances remain in peripheral tooling, and remediation is ongoing.<\/li>\n\n\n\n<li><strong>Verified: Security controls for production deployments.<\/strong> NCC Group retested TiDB\u2019s security controls (mTLS enforcement, authenticated endpoints, TLS 1.3 negotiation) on a properly configured deployment and confirmed they work correctly. Because these controls are available, documented, and verified effective, NCC Group marked the default-configuration findings as Risk Accepted. This is a standard outcome for infrastructure software where deployment security is a shared responsibility between the vendor and the operator.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For <a href=\"https:\/\/www.pingcap.com\/ko\/tidb\/cloud\/\">TiDB Cloud<\/a> customers, TiDB\u2019s infrastructure team manages these configuration controls, so the default-configuration findings do not apply to managed deployments.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_TiDB_Invested_in_This_Assessment\"><\/span><strong>Why TiDB Invested in This Assessment<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Most database vendors don\u2019t publish independent security assessments. Internal security teams test their own code, fix what they find, and the outside world sees a changelog entry. That approach has limits: Internal teams know where they built the guardrails, and they unconsciously test around them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">TiDB commissioned this assessment because TiDB is the operational database for companies running financial services workloads, real-time <a href=\"https:\/\/www.pingcap.com\/ko\/ai\/\">AI agent infrastructure<\/a>, and customer-facing applications where a security gap isn\u2019t theoretical. 
Customers like <a href=\"https:\/\/www.pingcap.com\/ko\/case-study\/bolt-modernizing-mysql-tidb-scale-thousands-microservices-aws\/\">Bolt<\/a>, <a href=\"https:\/\/www.pingcap.com\/ko\/case-study\/manus-agentic-ai-database-tidb\/\">Manus<\/a>, and <a href=\"https:\/\/www.pingcap.com\/ko\/video\/user-story-how-pinterest-modernized-its-nosql-data-infrastructure\/\">Pinterest<\/a> run TiDB in environments where independent validation matters more than marketing claims.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Happens_Next\"><\/span><strong>What Happens Next<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The assessment produced two strategic recommendations that TiDB is acting on beyond the specific fixes already completed:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Secure defaults.<\/strong> NCC Group recommended that TiDB consider requiring users to opt into insecure configurations, rather than defaulting to them. TiDB is evaluating changes to the default TLS and authentication configuration for self-managed deployments to reduce the security surface area of out-of-the-box installations. TiDB will share specifics as that work matures.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Continuous dependency monitoring.<\/strong> With gosec now in CI, TiDB is extending the same discipline to govulncheck for Go dependencies and cargo-audit for Rust dependencies. 
The goal is automated, continuous tracking of known vulnerabilities so they surface in pull requests, not quarterly audits.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>If your team is evaluating TiDB for a security-sensitive workload, check out the full <a href=\"https:\/\/www.nccgroup.com\/research\/public-report-tidb-security-assessment\/\">NCC Group report<\/a> to find out how TiDB meets your security requirements.<\/em><\/p>","protected":false},"excerpt":{"rendered":"<p>When enterprises evaluate a distributed SQL database for production workloads, security isn\u2019t a checkbox. It\u2019s a prerequisite. Teams running financial transactions, customer data, and AI agent infrastructure need to know that the database they depend on holds up under independent scrutiny, not just internal testing. That\u2019s why TiDB engaged NCC Group, a global cybersecurity consultancy, [&hellip;]<\/p>\n","protected":false},"author":218,"featured_media":34043,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[147,505,253,111,31],"class_list":["post-34000","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-product","tag-distributed-sql","tag-ncc-group","tag-security","tag-tidb","tag-tidb-cloud"],"acf":[],"featured_image_src":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png","author_info":{"display_name":"Brian Foster","author_link":"https:\/\/www.pingcap.com\/ko\/blog\/author\/brian-james-foster\/"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TiDB Security Assessment by NCC Group<\/title>\n<meta name=\"description\" content=\"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. 
See the full results and what we fixed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/\" \/>\n<meta property=\"og:locale\" content=\"ko_KR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TiDB Security Assessment by NCC Group\" \/>\n<meta property=\"og:description\" content=\"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. See the full results and what we fixed.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/\" \/>\n<meta property=\"og:site_name\" content=\"TiDB\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/pingcap2015\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-29T20:06:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-30T20:07:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/static.pingcap.com\/files\/2026\/06\/30125934\/Copy-of-Blog-LinkedIn-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Brian Foster\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/static.pingcap.com\/files\/2026\/06\/30125948\/Blog-Twitter-Banner-6.png\" \/>\n<meta name=\"twitter:creator\" content=\"@PingCAP\" \/>\n<meta name=\"twitter:site\" content=\"@PingCAP\" \/>\n<meta name=\"twitter:label1\" content=\"\uae00\uc4f4\uc774\" \/>\n\t<meta name=\"twitter:data1\" content=\"Brian Foster\" \/>\n\t<meta name=\"twitter:label2\" content=\"\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 \uc2dc\uac04\" \/>\n\t<meta 
name=\"twitter:data2\" content=\"5\ubd84\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/\"},\"author\":{\"name\":\"Brian Foster\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#\\\/schema\\\/person\\\/e2c94b706bf3eaeebbd9a511005c41f2\"},\"headline\":\"TiDB Completes Independent Security Assessment by NCC Group\",\"datePublished\":\"2026-06-29T20:06:29+00:00\",\"dateModified\":\"2026-06-30T20:07:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/\"},\"wordCount\":918,\"publisher\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2026\\\/06\\\/30125919\\\/Copy-of-Blog-Feature-5.png\",\"keywords\":[\"Distributed SQL\",\"NCC Group\",\"Security\",\"TiDB\",\"TiDB Cloud\"],\"articleSection\":[\"Product\"],\"inLanguage\":\"ko-KR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/\",\"url\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/\",\"name\":\"TiDB Security Assessment by NCC 
Group\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2026\\\/06\\\/30125919\\\/Copy-of-Blog-Feature-5.png\",\"datePublished\":\"2026-06-29T20:06:29+00:00\",\"dateModified\":\"2026-06-30T20:07:10+00:00\",\"description\":\"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. See the full results and what we fixed.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#breadcrumb\"},\"inLanguage\":\"ko-KR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#primaryimage\",\"url\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2026\\\/06\\\/30125919\\\/Copy-of-Blog-Feature-5.png\",\"contentUrl\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2026\\\/06\\\/30125919\\\/Copy-of-Blog-Feature-5.png\",\"width\":1800,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/blog\\\/tidb-ncc-group-security-assessment\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.pingcap.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"TiDB Completes Independent Security Assessment by NCC Group\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#website\",\"url\":\"https:\\\/\\\/www.pingcap.com\\\/\",\"name\":\"TiDB\",\"description\":\"TiDB | SQL at 
Scale\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.pingcap.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ko-KR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#organization\",\"name\":\"PingCAP\",\"url\":\"https:\\\/\\\/www.pingcap.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2021\\\/11\\\/pingcap-logo.png\",\"contentUrl\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2021\\\/11\\\/pingcap-logo.png\",\"width\":811,\"height\":232,\"caption\":\"PingCAP\"},\"image\":{\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/pingcap2015\",\"https:\\\/\\\/x.com\\\/PingCAP\",\"https:\\\/\\\/linkedin.com\\\/company\\\/pingcap\",\"https:\\\/\\\/youtube.com\\\/channel\\\/UCuq4puT32DzHKT5rU1IZpIA\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.pingcap.com\\\/#\\\/schema\\\/person\\\/e2c94b706bf3eaeebbd9a511005c41f2\",\"name\":\"Brian Foster\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ko-KR\",\"@id\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2023\\\/07\\\/06161300\\\/brian-foster-150x150.jpeg\",\"url\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2023\\\/07\\\/06161300\\\/brian-foster-150x150.jpeg\",\"contentUrl\":\"https:\\\/\\\/static.pingcap.com\\\/files\\\/2023\\\/07\\\/06161300\\\/brian-foster-150x150.jpeg\",\"caption\":\"Brian Foster\"},\"description\":\"Global Content 
Director\",\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/in\\\/brian-foster-33453a6\\\/\"],\"url\":\"https:\\\/\\\/www.pingcap.com\\\/ko\\\/blog\\\/author\\\/brian-james-foster\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TiDB Security Assessment by NCC Group","description":"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. See the full results and what we fixed.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/","og_locale":"ko_KR","og_type":"article","og_title":"TiDB Security Assessment by NCC Group","og_description":"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. See the full results and what we fixed.","og_url":"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/","og_site_name":"TiDB","article_publisher":"https:\/\/facebook.com\/pingcap2015","article_published_time":"2026-06-29T20:06:29+00:00","article_modified_time":"2026-06-30T20:07:10+00:00","og_image":[{"width":1200,"height":627,"url":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125934\/Copy-of-Blog-LinkedIn-2.png","type":"image\/png"}],"author":"Brian Foster","twitter_card":"summary_large_image","twitter_image":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125948\/Blog-Twitter-Banner-6.png","twitter_creator":"@PingCAP","twitter_site":"@PingCAP","twitter_misc":{"\uae00\uc4f4\uc774":"Brian Foster","\uc608\uc0c1 \ub418\ub294 \ud310\ub3c5 
\uc2dc\uac04":"5\ubd84"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#article","isPartOf":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/"},"author":{"name":"Brian Foster","@id":"https:\/\/www.pingcap.com\/#\/schema\/person\/e2c94b706bf3eaeebbd9a511005c41f2"},"headline":"TiDB Completes Independent Security Assessment by NCC Group","datePublished":"2026-06-29T20:06:29+00:00","dateModified":"2026-06-30T20:07:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/"},"wordCount":918,"publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"image":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png","keywords":["Distributed SQL","NCC Group","Security","TiDB","TiDB Cloud"],"articleSection":["Product"],"inLanguage":"ko-KR"},{"@type":"WebPage","@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/","url":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/","name":"TiDB Security Assessment by NCC Group","isPartOf":{"@id":"https:\/\/www.pingcap.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#primaryimage"},"image":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#primaryimage"},"thumbnailUrl":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png","datePublished":"2026-06-29T20:06:29+00:00","dateModified":"2026-06-30T20:07:10+00:00","description":"NCC Group\u2019s 45-day white-box security assessment of TiDB found zero critical, high, or medium issues. 
See the full results and what we fixed.","breadcrumb":{"@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#breadcrumb"},"inLanguage":"ko-KR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/"]}]},{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#primaryimage","url":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png","width":1800,"height":600},{"@type":"BreadcrumbList","@id":"https:\/\/www.pingcap.com\/blog\/tidb-ncc-group-security-assessment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.pingcap.com\/"},{"@type":"ListItem","position":2,"name":"TiDB Completes Independent Security Assessment by NCC Group"}]},{"@type":"WebSite","@id":"https:\/\/www.pingcap.com\/#website","url":"https:\/\/www.pingcap.com\/","name":"\ud2f0DB","description":"TiDB | SQL at 
Scale","publisher":{"@id":"https:\/\/www.pingcap.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.pingcap.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ko-KR"},{"@type":"Organization","@id":"https:\/\/www.pingcap.com\/#organization","name":"PingCAP","url":"https:\/\/www.pingcap.com\/","logo":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/","url":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","contentUrl":"https:\/\/static.pingcap.com\/files\/2021\/11\/pingcap-logo.png","width":811,"height":232,"caption":"PingCAP"},"image":{"@id":"https:\/\/www.pingcap.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/pingcap2015","https:\/\/x.com\/PingCAP","https:\/\/linkedin.com\/company\/pingcap","https:\/\/youtube.com\/channel\/UCuq4puT32DzHKT5rU1IZpIA"]},{"@type":"Person","@id":"https:\/\/www.pingcap.com\/#\/schema\/person\/e2c94b706bf3eaeebbd9a511005c41f2","name":"Brian Foster","image":{"@type":"ImageObject","inLanguage":"ko-KR","@id":"https:\/\/static.pingcap.com\/files\/2023\/07\/06161300\/brian-foster-150x150.jpeg","url":"https:\/\/static.pingcap.com\/files\/2023\/07\/06161300\/brian-foster-150x150.jpeg","contentUrl":"https:\/\/static.pingcap.com\/files\/2023\/07\/06161300\/brian-foster-150x150.jpeg","caption":"Brian Foster"},"description":"Global Content Director","sameAs":["https:\/\/www.linkedin.com\/in\/brian-foster-33453a6\/"],"url":"https:\/\/www.pingcap.com\/ko\/blog\/author\/brian-james-foster\/"}]}},"grav_blocks":false,"card_markup":"<a class=\"card-resource bg-white\" href=\"https:\/\/www.pingcap.com\/ko\/blog\/tidb-ncc-group-security-assessment\/\"><div class=\"card-resource__image-container\"><img class=\"card-resource__image\" alt=\"Copy of Blog - Feature\" 
src=\"https:\/\/static.pingcap.com\/files\/2026\/06\/30125919\/Copy-of-Blog-Feature-5.png\" loading=\"lazy\" width=1800 height=600 \/><\/div><div class=\"card-resource__content-container\"><div class=\"card-resource__content-head\"><div class=\"card-resource__category\">Product<\/div><\/div><h5 class=\"card-resource__title\">TiDB Completes Independent Security Assessment by NCC Group<\/h5><\/div><\/a>","_links":{"self":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/34000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/users\/218"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/comments?post=34000"}],"version-history":[{"count":15,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/34000\/revisions"}],"predecessor-version":[{"id":34058,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/posts\/34000\/revisions\/34058"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media\/34043"}],"wp:attachment":[{"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/media?parent=34000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/categories?post=34000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.pingcap.com\/ko\/wp-json\/wp\/v2\/tags?post=34000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}