SECURITY

Mongoose Web Server security is a paramount for us.

Following measures have been taken:

  1. Continuous integration test

    Mongoose repository runs a continuous integration test, powered by GitHub, which runs through hundreds of unit tests on every commit to the repository.
    Our unit tests are built with modern address sanitizer technologies, which help to find security vulnerabilities early.
    See https://github.com/cesanta/mongoose/actions.
  2. Continuous fuzzer

    Mongoose repository is integrated into Google's oss-fuzz continuous fuzzer, which scans for potential vulnerabilities continuously.
    See https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:mongoose.
  3. Proactive security alerts notifications

    We receive periodic vulnerability reports from the independent security groups, for example the likes of: Cisco Talos, Microsoft Security Response Center, MITRE Corporation, Compass Security.
    In case of the vulnerability found, we act according to the industry best practice: hold on to the publication, fix the software and notify all our customers subscribed to the Software Maintenance about the patch.
    If you have a Software Maintenance subscription enabled, you can find those notifications in the email inbox of the contact person specified.
  4. Independent security tests

    Some of our customers (for example NASA) have specific security requirements and run independent security tests, of which we get notified and in case of any issue, act similar to process described in section #3.
Got questions on security? Contact us