Hi,
Is there a penetration test report available for the product?
Hello,
What product did you mean? GanttProject is a desktop application.
Yes the desktop application
Well actually the desktop or cloud application, I can’t use the product at my company without their cyber sec team reviewing a penetration test report for the product
Bottom line is a penetration test report available for either the desktop or cloud version of the software?
because desktop applications are installed on machines connected to the internet and the internal network, our cyber sec requires they have a penetration test
No extensive tests and no reports, sorry. However, I don’t think there are such tests for notepad.exe either.
GanttProject may receive external data from the files it reads, such as project documents or the settings file, or application updates. This provides some attack surface; however, it is not that big, and can be narrowed if desired by switching off some features, e.g., update checks, on the application or firewall level. We apply certain security measures, for instance, the updates come cryptographically signed with an asymmetric key, GanttProject checks the signatures, and rejects updates in case of a signature mismatch.
If your security engineers need any details, let me know.
For the record, there are no separate desktop and cloud versions. GanttProject Cloud is a project server for collaboration, not a cloud version of GanttProject.