Software Security Process

mhapner · March 17, 2020, 3:02am

Does Elasticsearch have a document/link that describes the steps an Elasticsearch release goes through (source scanning, penetration testing, etc) to detect software vulnerabilities in its code and the code of its dependencies?

I've reviewed the Elasticsearch Security and Compliance page; however, this doesn't mention directly anything about this aspect of security. Possibly it is covered by one or more of the existing Elasticsearch certifications.

warkolm · March 17, 2020, 3:14am

It'd be best to reach out to security@elastic.co, they will be able to help you

mhapner · March 17, 2020, 3:27am

Thanks Mark, I'll do that.

system · April 14, 2020, 3:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic Search Static Application Security Testing Report Elasticsearch	2	528	September 8, 2017
Some vulnerabilities in Elasticsearch v7.10.0 Elasticsearch	3	516	December 10, 2021
Expected resolution for some vulnerabilities found Elasticsearch elastic-stack-security	1	42	November 9, 2024
Elasticsearch 1.4 and 1.6 vulnerability differences Elasticsearch	2	369	July 6, 2017
Vulnerable Java version bundled with 8.14.3 & 8.15 Elasticsearch elastic-stack-security	8	296	September 11, 2024

Software Security Process

Related topics