Enquiries for aspose .net product security

Hi Team,

Greetings, I have some enquiries regarding the product security

Let’s say we have bought the latest version with subscription :

  1. Can aspose provide the security test report and security test report will be available for each release version ?
  2. Where aspose will post the fixes for vulnerabilities ?
  3. If there are urgent vulnerabilities issues, how should we contact aspose? can aspose guarantee security patches or update can be provided to us in the first time ?
  4. Where can I find the detailed instructions for aspose SLA ?

Looking forward to your reply.
Meng Lyu
Regards,

@meng_lyu

We are afraid that all the test logs of the API are internal and something that we cannot make public.

We publish release notes at the time of every monthly release and they contain information about all bug fixes as well as removal of the found vulnerabilities.

We assure you that we check our APIs time to time for possible vulnerabilities and remove them on urgent basis. In case someone finds any vulnerability, he can report it in our dedicated support forum and we log the ticket in our issue management system to get is sorted out. As per the flow, we resolve and remove the vulnerability on urgent basis in the nearest upcoming release. However, in some cases under paid support service, we can provide hotfixes as well.

We believe, all policies are listed here: Policies - Purchase - aspose.com. However, if you are unable to find specifics, we request you create a post in our purchase forum to contact our sales team and you will be assisted accordingly.

@asad.ali Is there any difference in SLA between paid and non-paid? if we paid then how long can we get the hotfix for urgent security issue?

@meng_lyu

As requested earlier, these details and particulars can be obtained from our Sales team by posting in Purchase forum.

Furthermore, paid support does not guarantee immediate solution. However, it does escalate your issue to the maximum and top priority so that investigation gets started at once and you will be able to get ETA and other updates a lot quicker.