Penetration tests and vulnerability management

Snow License Manager and Snow Inventory are regularly subjected to penetration tests that are carried out by an external observer and through tests carried out by partners and customers. Vulnerabilities identified are confirmed and then mitigated, and are addresses as a top priority among development activities.

Snow Software products are regularly subjected to penetration tests that are carried out by external, independent consultants with full access to code, with full assistance from the Snow R&D department. These tests include at least 100 hours of work, with involvement of two or more professional testers. Snow Software handles input from numerous independent tests that are carried out by partners and customers.

Vulnerabilities that have been identified by external parties are confirmed by a Snow Software R&D departmental team and is high-prioritized according to Product Security Testing policy.

Snow Software is a participant of the vulnerability-disclosure program that allows independent researchers to find and submit vulnerabilities directly to Snow Software via a dedicated mailbox: security@snowsoftware.com.

All security fixes released in the product are communicated via release notes and special security bulletins, that describe the changes and possible mitigations to simplify vulnerability and change management for our customers.