Hi!
How aspose team test and control the absence of vulnerabilities in libraries?
Does aspose team provide SLA for the time of fixing new vulnerabilities found?
Can you please be more specific in terms of your requirements and also share that for which Aspose API, your inquiry is related to.
Do you have some process that find and fix possible vulnerabilities, during development process?
Static analysis of sources? Fuzzing testing? Etc
Do security researchers analyze your libraries for vulnerabilities? Where can I see such reports?
Yes, we do test our products for vulnerabilities including OWASP, Non-OWASP, and SANS. These reports are generated by our teams for the internal audit and reviews. We haven’t published these reports publicly. Please do share which products you’re interested in along with the license details and we’ll try to arrange those reports for your review.