Hi Team,
We are in a process of using SourceTree application in our company but before that we need answer on the following questions:-
QUESTION | | YES/NO |
| | |
Does the vendor have a software security program? (Including security testing, risk assessment, architetcural analysis) | | |
Has the software security program been reviewed by an independent maturity assessment? (e.g. BSIMM) | | |
Has your software security program been applied to this product/product suite (including underlying open source)? | | |
Has this product been independently assessed/certified? (e.g. Common Criteria) | | |
Has the product's design/architecture been security assessed? | | |
Has this product been security tested? | | |
What types of security testing have been applied to this product/product suite? | | |
Who performs the security testing for this product/product suite? Is it independent? | | |
How often is security testing performed on this product/product suite? | | |
Do you product auditable outputs from the software security program documenting the identified software security issues? | | |
Are there security resources that can speak to the software security program and issues in the product/product suite? | | |
Is there a documented security issue remediation process for this product/product suite with set SLAs? | | |
What is the SLA for addressing HIGH risk issues in this product once identified? | | |
What is the SLA for notifying consumers of HIGH risk issues in this product/product suite once identified? | | |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.