It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Need inputs on the security measure for SourceTree application

Hi Team,

We are in a process of using SourceTree application in our company but before that we need answer on the following questions:-

QUESTION

 

YES/NO

 

 

 

Does the vendor have a software security program? (Including security testing, risk assessment, architetcural analysis)

 

 

Has the software security program been reviewed by an independent maturity assessment?  (e.g. BSIMM)

 

 

Has your software security program been applied to this product/product suite (including underlying open source)?

 

 

Has this product been independently assessed/certified?  (e.g. Common Criteria)

 

 

Has the product's design/architecture been security assessed?

 

 

Has this product been security tested?

 

 

What types of security testing have been applied to this product/product suite?

 

 

Who performs the security testing for this product/product suite?  Is it independent?

 

 

How often is security testing performed on this product/product suite?

 

 

Do you product auditable outputs from the software security program documenting the identified software security issues?

 

 

Are there security resources that can speak to the software security program and issues in the product/product suite?

 

 

Is there a documented security issue remediation process for this product/product suite with set SLAs?

 

 

What is the SLA for addressing HIGH risk issues in this product once identified?

 

 

What is the SLA for notifying consumers of HIGH risk issues in this product/product suite once identified?

 

 

 

 

1 answer

0 votes
Ana Retamal Atlassian Team Jun 11, 2018

Hi Aditya, we won't be able to provide an itemized response to your questions, Sourcetree is a free product and it's provided "as is".

In regards to the SLA, you can visit the page Atlassian Support Offerings.

For more information, you can have a look at the customer agreement Sourcetree > About Sourcetree > Customer Agreement.

Hope that helps!

Ana

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Sourcetree

Sourcetree for Windows - CVE-2019-11582 - Remote Code Execution vulnerability

A vulnerability has been published today in regards to Sourcetree for Windows.  The goal of this article is to give you a summary of information we have gathered from Atlassian Community as a st...

4,910 views 0 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you