Request details for suggesting sikuli for organization

Asked by Sumit Saha on 2021-02-04

Dear All,

I've conducted a POC using sikuli, and management is quite impressed with it and recommended that sikuli undergo a cyber security assessment before making it part of the test ecosystem. They have some questions which I was not sure about. I would appreciate it if you can help me to collect these details.
If any questions are not applicable, kindly mention them as "Not Applicable", as some of these questions are meant for a full application and we'll be using the sikulix api as a maven dependency library.

Note: Kindly note that I'm using sikulix api v2.0.4 for automation.

-----Architecture and security framework:----
1.0 How easy may the application be deployed in high-availability?
1.1 In case of a web application, does it work properly behind a reverse-proxy?

-----Updates and Patches:----
1.2 How are patches released and how often?
1.3 How reactive are the developers?
1.4 How long is the average time required to fix an issue?

----- Documentation -------
1.5 How is the documentation within the code performed?
1.6 How often is the documentation updated?

---- Maturity -----
1.7 How long has the software been supported or in use?
1.8 How is the development community organized and how well does it function?
1.9 How active is the development community?
1.10 How much published material is devoted to the software?
1.11 How many commercial vendors support the software?
1.12 What is the security track record of the software?
1.13 How safe is data used / generated by the application?
1.14 Are backup and restore procedures available?
1.15 Do you perform source-code analysis to detect security defects in code prior to production?

----- Configuration -----
1.16 How does the application support complex configuration?
1.17 How deep can it be customized?
1.18 Does it implement AAA (Authentication, Authorization & Accounting)?
1.19 Does it implement RBAC (Role Based Access Control)?

------ Extendability ------
1.20 Is the application modular and can be expanded with modules or plugins?
1.21 Are external pieces of code (like libraries) used?

----- Threat & Vulnerability Management-----
1.22 How many CVEs (Common Vulnerabilities and Exposures) were released in the last 6 months?
1.23 What is the severity of the CVEs (Common Vulnerabilities and Exposures)?
1.24 If any, how to handle the repeated issues in CVEs (Common Vulnerabilities and Exposures)?
1.25 Is there any documented process to keep track of the CVEs (Common Vulnerabilities and Exposures)? By whom?
1.26 Is there any vulnerability test performed against this product? How often?

Question information

Language: English
Status: Answered
For: SikuliX
Assignee: No assignee

RaiMan (raimund-hocke) said :
#1

I am sorry, but as a one-man show delivering such a tool as OpenSource, I do not have the time for such stuff.

Use SikuliX as is or leave it.
