Penetration tests and vulnerability management
Snow License Manager and Snow Inventory are regularly subjected to penetration tests that are carried out by an external observer and through tests carried out by partners and customers. Vulnerabilities identified are confirmed and then mitigated, and are addresses as a top priority among development activities.
Snow products are regularly subjected to penetration tests that are carried out by external, independent consultants with full access to code, with full assistance from the Flexera R&D department. These tests include at least 100 hours of work, with involvement of two or more professional testers. Flexera handles input from numerous independent tests that are carried out by partners and customers.
Vulnerabilities that have been identified by external parties are confirmed by a Flexera R&D departmental team and is high-prioritized according to Product Security Testing policy.
Flexera is a participant of the vulnerability-disclosure program that allows independent researchers to find and submit vulnerabilities directly to Flexera via a dedicated mailbox: security@snowsoftware.com.
All security fixes released in the product are communicated via release notes and special security bulletins, that describe the changes and possible mitigations to simplify vulnerability and change management for our customers.