Hi,
On Mon, Feb 5, 2018 at 11:41 AM, Simon Slavin <[email protected]> wrote:
> On 5 Feb 2018, at 5:21pm, Drago, William @ CSG - NARDA-MITEQ <[email protected]> wrote:
>
>> I've been using/loving SQLite for years, but the use of open source software
>> is highly discouraged where I work, and now I have to prove to our IT dept.
>> that SQLite is reliable and secure. The reliable part is easy because there
>> is enough information on the SQLite website about testing, but what about
>> security? How can I convince the auditors that SQLite is not stealing
>> corporate secrets and spreading viruses?

Out of curiosity - does your company do the security scans quarterly to make sure that the system (whatever is used) and the software you guys provide are free of all security vulnerabilities?

As an example - here we do the scans quarterly, then check all findings against RHSA (we use Red Hat Enterprise) and then fix them. And then do quarterly security releases for the OS and software.

I'm sure Windows has the same Security Vulnerabilities DB where you can check what should be fixed by the update, which will be done automatically anyway.

And if you have a source code scanner(s) - you are in luck as you can just check the code and fix it.

Thank you.

_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users

