CheckMK and OWASP Top 10 / SANS CWE 25

Hi everybody, we are planning to evaluate the enterprise version of Checkmk in our environment, which contains several hundred endpoints.
Our security department requires that all software we install needs to be developed following the OWASP Top 10 or SANS CWE 25 guidelines.
Please, do you have any information on whether these principles are applied in the Checkmk development process?

Thank You,
Regards

Fabio.

@Maximilian sounds like a question for you :slight_smile:

Hey @mrpofs,

To be nitpicky: OWASP Top 10 and SANS CWE 25 are not guidelines; they are lists of the most common/dangerous vulnerability types. So we try to avoid them as much as we can :sweat_smile:

But you can send a yes to your security department: we take security seriously, we are always on the lookout for these vulnerabilities, and we have certain measures like code scanning, pentesting, etc. in place to catch them as early as possible.
You can check all of our closed vulnerabilities here: Werks
And report new ones here: Vulnerability disclosure policy | Checkmk
Hope this helps
Max

Hi @Maximilian, yes, thank you for the reply and for the links provided!

Regards,
Fabio.
