Security Measures in Aspose

We are in the process of purchasing Aspose.Words for our organization. However, as part of our security review to onboard Aspose, we need the information/clarification below to get approval from our internal security team.

  1. Can Aspose provide assurance that they can meet security requirements (for example: by producing results of penetration tests, Code Security Review and Vulnerability Identification and Management, demonstrating adherence to any of the industry standards, and providing an effective method for delivering software patches/fixes)?

  2. What measures is Aspose taking to protect against CWE/SANS Top 25 Most Dangerous Software Errors?

  3. Any Application vulnerability tests done and at a minimum demonstrated compliance?

  4. We understand that Aspose does not have a SOC2 Type2 report; does Aspose have any other certifications?

@sivawitu We test every release against OWASP Top 10 and SANS Top 25 vulnerabilities with the SonarQube static code analyzer. But we generate internal reports only. Here are the last OWASP and SANS reports: owasp.zip (3.7 KB)
We publish releases monthly and include the fixes in each next release.