Mercurial Security Review

Mcadams, Philip W philip.w.mcadams at intel.com
Tue Dec 16 19:57:05 UTC 2014


Here at our organization, Intel, we are required to perform a security review on the Mercurial application. We have been requested to reach out to your team to get answers to the following questions and roll them back to IT. Can you please answer the following questions?

Are you following a Security Development Lifecycle (SDL) Process?  Please provide a description of the SDL process followed.
Are application security reviews incorporated into your SDL process?  Please provide a description of the application security review process followed.
Do you conduct security reviews? If so, what?
Do you use any tools to test for vulnerabilities?
  - Static Code Analysis tools
  - Dynamic Code Analysis Tools
  - Penetration testing tools
Can you provide the results of these vulnerability reviews performed?
Have you closed on vulnerabilities found for the subject application using these application security reviews?
Are you committed to performing regular security reviews of the application and resolving vulnerabilities identified?

Thank you.

Philip McAdams
Software Configuration Management Engineer
NSG ISE Test Engineering & SCM
Desk: (916) 377-6156 Cell: (678) 770-3176 Pole: FM3-1-D7
