# Platform / Hosting Provider Attack Software companies regularly rely on third-party platform providers to host code, build servers, web servers, and apps. These can be a source of vulnerability. The [Linode web host was compromised in 2012](https://arstechnica.com/information-technology/2012/03/bitcoins-worth-228000-stolen-from-customers-of-hacked-webhost/), leading to the theft of bitcoin from several services that were clients of them. Google’s Play Store and Apple’s App Store are potential points of failure. They could remove the Casa app from the platform at any time, or potentially be compromised and enable the app to be replaced with malware. **Mitigation:** * Code base is auditable, requires cryptographic signing of every commit. * Two-man rule required for code commits. * A system with a mix of different hardware and software provides checks against pieces of the system becoming untrustworthy. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.casa.io/wealth-security-protocol/threat-overview/platform-hosting-provider-attack.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.