Hello,
Can you tell us how do you communicate your security issues concerning the source code when you have some ?
Do you post a CVE and we can get it in any vulnerability datasource or do you send an email to us ? What is your process about that topic ?
Sincerely,
All Aspose APIs/SDKs have been checked time to time for any kind of vulnerabilities (including CVE-xxxx) and we remove them internally (if found any). We recommend using latest versions of the APIs. Please try using Aspose APIs (latest versions) and in case you face any issues regarding security, please let us know with details. We will address it accordingly.
Hello,
ok and if you discover a vulnerability, do you warn your client at this moment or do you send an email at the time when you release a corrective version ? How are we warned about that ?
Sincelerely,
Please note, we test our products for every possible vulnerabilities including OWASP, Non-OWASP, SANS and others. These reports are generated by our teams for the internal audit and reviews. Moreover, (if in any case) we found any vulnerability in any API, we fix/remove it on the spot immediately. Moreover, we do not share the original scans/results with the users as it is proprietary data or internal module(s). As we told you, please try using Aspose APIs (latest versions) and you won’t find any vulnerabilities or security issues.
Should you have further concerns, do let us know.