On 06/12/2016 07:21, GAN Kok Leong, Adrian wrote:
> Hi,
>
> We have a cybersecurity requirement for all software. We would like
> to know whether Tomcat version 7.0.25 is developed and complies with
> Secure Software Development Life Cycle (SSDLC)?

This sounds suspiciously like a security box ticking exercise. I'm sure someone could make the case that Tomcat development does use a SSDLC just as easily as someone could make the case that it does not.

A focus on actual security rather than box ticking might ask "Are there known security vulnerabilities in a piece of software released 4, almost 5, years ago and if there are, why are we still using it?"

The answer to the first part of that question may be found here:
http://tomcat.apache.org/security-7.html

Mark