Security Processes Overview
This section explains the security processes of WSO2: how we have incorporated security into our products, how we manage any product vulnerabilities, and our responsible disclosure policy.
- Secure Software Development Process: Our Secure Software Development Lifecycle illustrates how we have incorporated security checkpoints (such as peer reviews, static scanning, dynamic scanning and dependency scanning) into the product lifecycle. This section further explains the various tools and practices we follow when implementing and releasing products.
- Vulnerability Management Process: How we manage vulnerabilities in WSO2 products and services.
- Cloud Security Process: This document outlines the secure design patterns and security measures WSO2 has implemented to protect the Cloud against various threats. The process aligns with "The Six Pillars of DevSecOps: Pragmatic Implementation" by the Cloud Security Alliance.
- Security Incident Notification Process for SaaS: This document outlines the process of notifying customers of security incidents relevant to WSO2 SaaS offerings.