We want to use Aspose.Words for Java in our product and are actively evaluating the product functionality. We have a very rigorous security checklist and we want to understand how Aspose addresses security related issues. Can you please provide answers to the following questions:
- Is there a way we can receive notifications of any security issues found in the Aspose software?
- How do we report security issues found in Aspose?
- Have you performed any security code scans on Aspose libraries like Veracode scan, Fortify etc? Do you have a valid of issues identified and addressed?
- What is the typical timeline in which you can fix the security related issues reported?
- How safe are the XMLparsers provided by Asposew.r.t security vulnerabilities possible? What steps do you take to ensure these parsers are safe?
- From Aspose website, we learn that Aspose.Words for Java uses a temporary directory on your machine that is specified via java.io.tmpdir system property. Aspose.Words writes temporary files and removes them as soon as rendering is completed. “java.io.tmpdir” is a standard Java system property which is also used by the disk-based storage policies. It determines where the JVM writes temporary files. https://docs.aspose.com/display/wordsjava/System+Requirements#SystemRequirements-Folderusedfortemporaryfiles
Is this secure? What is the time span of the files generated here?
It is very important for us to be able to answer these questions in a timely manner to be able to use this software. So, any quick replies will be appreciated.