UpSlide is an add-in for the MS Office suite, and we take the security of our code seriously. Below, you will find all the actions taken to ensure the security of our solution.
Code quality and security scanning
We use SonarQube for code analysis. This allows us to:
- Perform Secure Code Reviews before each release of the UpSlide add-in and UpSlide servers
- Ensure that the quality of the code produced meets our standards
- Avoid vulnerabilities in our codebase
Change Management / QA UAT Testing
Before each release, the following actions are performed:
- The solution is tested against all supported Office versions (2010, 2013, 2016, 2019, Office 365 Insider builds)
- The code scanner engine is triggered to ensure that no vulnerable code is pushed into production (see above)
- Manual testing is performed to ensure that no bugs are released into production
Open Source software use
UpSlide may use open source solutions inside its software to support some functionalities. Before each release:
- The solution is tested for any vulnerabilities using the code scanning engine
Vulnerability classification and risk prioritization
Each vulnerability is rated according to its Severity and its Exposure. The methodology used is the one provided by the SANS Institute.