Does GIMP have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?

Hi, my team is interested in using GIMP at work. However, our IT department requires us to ask the following. Is this the appropriate forum to ask, or could you direct me to the right place?

“Do you have a Secure Development Lifecycle (SDL) in place that includes a vulnerability management process and timely closure of vulnerabilities?”

Thanks in advance and I appreciate all of you who develop, support, and maintain this awesome software.

We don’t have any specific process, no, except the fact that if someone reports a vulnerability which could be a serious problem, we indeed take it seriously. Our track record is pretty good so far (i.e. we fix reported vulnerabilities quickly :muscle:).

Now this is currently how far we can go in terms of “promise”, considering GIMP’s community-style development and the limited number of developers. Hopefully it’s enough for your team. :smile:

Completely understandable. You all are awesome and thank you for your reply.
