Vulnerability testing

Jock Philip, December 14 2017 21:54:03

Thanks Gary & Andrew,

Will start doing some online searches. I don’t think I’m going to get away with the scripting approach with this one. Would be nice.

Jock

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jock Philip [jock@visionchips.com] Vision Chips, Inc.
888.517.7779 x 3563
www.visionchips.com/

Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving System

—–Original Message—–
From: omnisdev-en [mailto:omnisdev-en-bounces@lists.omnis-dev.com] On Behalf Of Gary Connor
Sent: Thursday, December 14, 2017 12:53 PM
To: ‘OmnisDev List – English’ <omnisdev-en@lists.omnis-dev.com>
Subject: RE: Vulnerability testing

Jock –

We have to maintain PCI DSS compliance for all of our customers also. We have agreed with our QSA that as Omnis is an interpreted language, the vulnerability testing is only necessary if we change Omnis versions, not for library changes. We have always maintained that Omnis is like any MS Office product in that we are merely “scripting” it, not writing new compilable code. This may or may not be a position you want to take with the client and the client take with their QSA. (If they are PCI compliant they are required to do vulnerability scanning twice a year, so they should have something in place to accomplish the vulnerability scanning tasks.) Otherwise, if you google ” vulnerability scanning tools” there are dozens of free vulnerability scanning tools available for a variety of platforms.

Best of luck.

—–Original Message—–
From: omnisdev-en [mailto:omnisdev-en-bounces@lists.omnis-dev.com] On Behalf Of Jock Philip
Sent: Thursday, December 14, 2017 11:36 AM
To: OmnisDev List – English
Subject: Vulnerability testing

Anybody doing vulnerability testing in a client server environment?

Have a customer that is requiring evidence of vulnerability testing on our software whenever we do updates. Oracle database, Studio 4.3.2.1, customer’s own network and their own server. Any examples, suggestions, tools or anything else of any help?

Thanks

Jock

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jock Philip [jock@visionchips.comjock@visionchips.com>] Vision Chips, Inc.
888.517.7779 x 3563
www.visionchips.com/

Developers of OBserver OB/GYN Ultrasound Reporting and Image Archiving System

_____________________________________________________________
Manage your list subscriptions at lists.omnis-dev.com

———-

This email has been scanned for spam and viruses by Proofpoint Essentials. Visit the following link to report this email as spam:
us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1513280159-ER7SLZL0WXj1&r_address=gary_connor%40directline-tech.com&report=1

NOTE: This email message and any attachments are for the sole use of the intended recipient(s) and may contain confidential and/or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by replying to this email, and destroy all copies of the original message.
_____________________________________________________________
Manage your list subscriptions at lists.omnis-dev.com
_____________________________________________________________
Manage your list subscriptions at lists.omnis-dev.com

Vulnerability testing