Software Security Process

Does Elasticsearch have a document/link that describes the steps an Elasticsearch release goes through (source scanning, penetration testing, etc) to detect software vulnerabilities in its code and the code of its dependencies?

I've reviewed the Elasticsearch Security and Compliance page; however, this doesn't mention directly anything about this aspect of security. Possibly it is covered by one or more of the existing Elasticsearch certifications.

It'd be best to reach out to security@elastic.co, they will be able to help you :slight_smile:

Thanks Mark, I'll do that.