Priority: Not Evaluated
The following processes are currently in place and should be documented as part of the security policy, provided the project commits to continuing to run them regularly.
- regular updating of third-party modules in LTS patch and new feature releases
- documentation about which third-party module versions are included in a Qt release
- audits through independent security auditors, including fuzzing, code review, and static code analysis
Other processes could include risk assessments and threat analysis, as well as penetration testing.
For each process documented in the policy, an owner (or alternatively, a link to another process, such as the release process) needs to be identified and documented.