The following outlines the processes at Digizuite that address security. Details are omitted by design, and this is not the full, exhaustive list of initiatives.

a.     Before all releases – major and minor – a

Penetration Test

A penetration test is performed yearly by a 3rd party under the supervision of Digizuite’s security officer.  Releases do not pass if there are critical, high, or medium issues identified which are not assessed and handled. 

  • Critical and high - issues are
  • Issues tagged as “low” (or similar) are assessed and a) added to the development backlog or b) addressed immediately.

b.     Before all releases a static code analysis is performed using a 3rd party tool with focus on:

...

f.      Customers – or a partner – may, in coordination with Digizuite, perform penetration testing or other vulnerability assessment tests. Depending on contractual agreements, Digizuite will give identified vulnerabilities classified as critical and high – if such are identified – immediate attention. Issues classified as low or medium will be evaluated before the planning of the following major or minor release. It is a concern that changes made to handle low severity findings may introduce other risks.