Conceptually this makes sense, but what about at a code level? Have you run the software through a static or dynamic analysis tool? This would certify that the lines of code that make up Aspose.Words does not have vulnerabilities.
oakridge:Have you run the software through a static or dynamic analysis tool?
We do have a documented coding standard which includes best/proper practices and patterns including for security issues. We have a peer code review process and we use automated tools to monitor code quality/adherence to the standard.
But we do not yet run specific security analyzers on Aspose.Words.
I think that Aspose.Words code is not adding any security risk into your system. Consider that Aspose.Words does not perform SQL operation, no HTML or web operations, does not have any passwords inside. All Aspose.Words does is open a file or stream you specify, read it and allow you to access the data.