14 years ago
Software Assurance Related to SoapUI + LoadUI?
I'm trying to determine how the source code in SOAPUI and LOADUI is being validated for security, software assurance, trusted source code, trusted copy, etc. I've seen lots of discussion on how to use these tools and praise for them, but on your boards and other pages I don't see rules on how it is developed and validated. In looking on SourceForge, I don't see any way to verify that the version of code available for download matches what it should (hash value or other independent verifier) according to the creator.
What are the standard methods used to verify that these tools don't get backdoored with trojan code? What are the rules on sharing common code (Creative Commons license?) How is code reviewed to determine if it is secure? Do you use the security testing features you have built into these development tools to verify them before making each version public? How can we ensure that the copy at SourceForge actually is the one placed there by SoapUI.org, not a hacked version?
If there is a link or whitepaper that provides any of this type of information (whether performed as centralized testing or as community project), please point me in the right direction.