
Question


NIST 800-64

asked on April 28, 2015

Has Laserfiche had any software development practice audits? NIST 800-64 would be a good example. This is important for a number of larger government clients.

http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf

 


Replies

replied on April 30, 2015

Hi Patrick,

I don't see a record specifically referring to Laserfiche testing its software development practices against the NIST Special Publication 800-64 guidelines. 

However, the security of customer data is of paramount importance to Laserfiche. Laserfiche maintains industry-standard software engineering practices throughout the development lifecycle to minimize vulnerabilities and security risks during code creation. These rigorous practices include the following measures:

  • Laserfiche uses code-scan software in-house to validate code.
  • Laserfiche contracts with a leading security company to perform code reviews and web penetration security assessments.
  • Laserfiche works with a third-party security company to perform live server testing intended to prevent security flaws, such as input validation, input sanitizing and buffer overruns, which are major types of vulnerabilities in the OWASP Top Ten.
replied on November 10, 2020

Kelsey,

 

Is there any documentation that Laserfiche can provide with what type of security testing they have done?

 
