Hi Team,
We are in a process of using SourceTree application in our company but before that we need answer on the following questions:-
QUESTION |
| YES/NO |
|
|
|
Does the vendor have a software security program? (Including security testing, risk assessment, architetcural analysis) |
|
|
Has the software security program been reviewed by an independent maturity assessment? (e.g. BSIMM) |
|
|
Has your software security program been applied to this product/product suite (including underlying open source)? |
|
|
Has this product been independently assessed/certified? (e.g. Common Criteria) |
|
|
Has the product's design/architecture been security assessed? |
|
|
Has this product been security tested? |
|
|
What types of security testing have been applied to this product/product suite? |
|
|
Who performs the security testing for this product/product suite? Is it independent? |
|
|
How often is security testing performed on this product/product suite? |
|
|
Do you product auditable outputs from the software security program documenting the identified software security issues? |
|
|
Are there security resources that can speak to the software security program and issues in the product/product suite? |
|
|
Is there a documented security issue remediation process for this product/product suite with set SLAs? |
|
|
What is the SLA for addressing HIGH risk issues in this product once identified? |
|
|
What is the SLA for notifying consumers of HIGH risk issues in this product/product suite once identified? |
|
|
Hi Aditya, we won't be able to provide an itemized response to your questions, Sourcetree is a free product and it's provided "as is".
In regards to the SLA, you can visit the page Atlassian Support Offerings.
For more information, you can have a look at the customer agreement Sourcetree > About Sourcetree > Customer Agreement.
Hope that helps!
Ana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.