Which platform server versions have security fixes from HP fortify?

Which platform server versions have security fixes from HP fortify?

  
Hi guys,

In NextStep 2013 it was annouced that Outsystems now uses HP Fortify to eliminate many security faults. I got the impression that it was also said that all released versions of the platform were now free of any major vulnerabilities detected by this software, but I don't see any reference to that in any of the release notes.

Were these security improvements applied only to Platform Server 8.0, or were earlier versions also updated?
Hi João,

The security improvements, using HP Fortify Static Code Analyzer, were made to 8.0 (generated applications).
The HP-Fortify tool is being used in OutSystems Platform internal quality control process testing that generated applications have no Critical/High/Medium security issues.
Although we are only using HP-Fortify in 8.0, if any relevant major/critical issues are detected, the fix will be back-ported to previous versions as part of regular bug-fixing.


Regards,
João Portela