Security Questions - Ant

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Security Questions - Ant

Jack O'Connor
Hello,

 

My company is considering using Apache Ant but I need some answers to some
security questions.  I hope someone out there can help me out.

 

1) Is the software compliant with U.S. Federal Information Processing
Standard (FIPS) 140-2?

2) Is any third party software bundled with the software?

3) Can the software export security related audit trails to external
collection systems, such as syslog or ArcSight?

5) Are user accounts required or optional?

 

Thank you!

 

Jack

Reply | Threaded
Open this post in threaded view
|

Re: Security Questions - Ant

Stefan Bodewig
Hi Jack

On 2018-11-27, Jack O'Connor wrote:

> 1) Is the software compliant with U.S. Federal Information Processing
> Standard (FIPS) 140-2?

It is not certified in any way. Not sure what "is compliant" means but
the I guess the answer is somewhere between "we don't know" and "no".

> 2) Is any third party software bundled with the software?

The binary distribution doesn't bundle any additional software, the
source distribution contains JUnit and Hamcrest jars in lib/optional.

> 3) Can the software export security related audit trails to external
> collection systems, such as syslog or ArcSight?

Not by itself. It would be possible to write a Logger/Listener that did
but the Ant team doesn't provide one.

> 5) Are user accounts required or optional?

Apache Ant is a command line tool designed to be run by software
developers during their development work. It is not a server process.

Stefan

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]