For every major change of the DnA Architecture we perform so-called Security Profiling. The Security Profile provides information on the current security state of the D&A Platform. It serves as the entry point concerning Information Security in the project and describes potential vulnerabilities as well as possible countermeasures. Security profiling is performed by a certified Information Security Architect. We are still evaluating how we can disclose this confidential document to the open source community. For now, please raise an issue to contact us for further details on this topic.
Several times per year we perform EPA (Enhanced Penetration Analysis) service security checks of applications, network and IT infrastructure.
EPA, as an independent monitoring mechanism, aims at determining the overall risk level.
The goal of EPA is therefore the continuous testing of applications, networks, and infrastructure which can be identified
by attackers as well as checking the relevance of new IT security risks.
EPA provides insight into the most attractive attack vectors from the perspective of a hacker.
We are still evaluating how we can disclose this confidential document to the open source community.
For now, please raise an issue to contact us for further details on this topic.
The last EPA was performed from October 11, 2021 until October 15, 2021.
All Critical, High and Medium findings are mitigated.
As part of the integrated CI/CD pipeline we perform a real-time BlackDuck scan of the code, ensuring license compliance for all committed code.