On Mon, Feb 5, 2018 at 11:41 AM, Simon Slavin <slav...@bigfraud.org> wrote:
> On 5 Feb 2018, at 5:21pm, Drago, William @ CSG - NARDA-MITEQ
> <william.dr...@l3t.com> wrote:
>> I've been using/loving SQLite for years, but the use of open source software
>> is highly discouraged where I work, and now I have to prove to our IT dept.
>> that SQLite is reliable and secure. The reliable part is easy because there
>> is enough information on the SQLite website about testing, but what about
>> security? How can I convince the auditors that SQLite is not stealing
>> corporate secrets and spreading viruses?
Out of curiosity - does your company do the security scans quarterly
to make sure that the system (whatever is used) and the software you
guys provide are free of all security vulnerabilities?
As an example - here we do the scans quarterly, then check all
findings against RHSA (we use Red Hat Enterprise) and then fix them.
And then do quarterly security releases for the OS and software.
I'm sure Windows has the same Security Vulnerabilities DB where you
can check what should be fixed by the update, which will be done
And if you have a source code scanner(s) - you are in luck as you can
just check the code and fix it.
sqlite-users mailing list