...
- Reports about vulnerabilities are forwarded to SOS
- by automated vulnerability detection provided from the GitHub Source Code Repositories,
- by users via private e-mail,
- by customers via the SOS Ticket System.
- Detection of vulnerabilities includes both the SOS software product and any 3rd 3rd party libraries included with the software product.
- Sources of vulnerability detection in source code of SOS software products include
- automated scans performed by source code repositories,
- security audits performed by users and customers for example for pen-testing,
- security breaches reported by users and customers.
- SOS tracks vulnerabilities in 3rd party open source libraries by automated scans provided by source code repositories,
- Sources of vulnerability detection in source code of SOS software products include
- Users are advised to use private e-mail to report vulnerabilities.
...
- With fixes being available the following applies:
- Downloads
- Maintenance releases are published for download with the SOS web site and with SourceForge.
- Users should be aware that 3rd party web sites that mirror downloads of SOS software products might or might not indicate availability of maintenance releases. SOS denies any liability for accurate and timely downloads of maintenance releases available from 3rd party web sites.
- Notification
- Notifications are provided by RSS Feeds.
- Notifications are provided via Twitter News
- Customers who subscribe to notifications within their support option receive a notification by e-mail.
- In addition
- Downloads
- Fixes provided for any branches under maintenance are communicated at the same point in time.
...