Vulnerability Assessment and Penetration Testing Report for DeepL Plug-in

#Plugin #deepl#VAPT

Need the VAPT report from SDL as we use the DeepL-plugin provided by you at corporate level and need this for internal records / process. Posting the query here as directed by SDL support team. 

emoji
Parents
  •  

    I'm quite surprised to read this for several reasons.  First of all VAPT reports often contain sensitive information about an organisation's IT infrastructure, security controls, and internal processes. Sharing this information with external parties could expose our organisation to potential threats and compromise our security posture.  So sharing any sort of reports like this would have to be done with proper legal controls in place and with a sound business reason for doing it in the first place.

    Secondly, your company most likely has different configurations, security controls, and infrastructure, all of which can introduce new vulnerabilities or risks not identified in any VAPT report we may have carried out.  So the value would be questionable anyway.

    Thirdly, any VAPT report we may have carried out is unlikely to have covered all aspects relevant to your use of the application, such as integration with other systems or usage scenarios we know nothing about as plugins like these are often used with an API for a businesses own purposes.

    But a point that is probably more relevant is that we would not do this for a plugin in the first place unless it was something that we used ourselves as an important part of our business activities.  In this case I doubt it!  There are hundreds of plugins available on the appstore and we only use a fraction of them internally.

    If you feel that this information is still relevant to you, it might be more suitable to reach out to your account manager and discuss your concerns with them, as this community forum may not be the most appropriate platform for requesting such information.

    emoji
Reply
  •  

    I'm quite surprised to read this for several reasons.  First of all VAPT reports often contain sensitive information about an organisation's IT infrastructure, security controls, and internal processes. Sharing this information with external parties could expose our organisation to potential threats and compromise our security posture.  So sharing any sort of reports like this would have to be done with proper legal controls in place and with a sound business reason for doing it in the first place.

    Secondly, your company most likely has different configurations, security controls, and infrastructure, all of which can introduce new vulnerabilities or risks not identified in any VAPT report we may have carried out.  So the value would be questionable anyway.

    Thirdly, any VAPT report we may have carried out is unlikely to have covered all aspects relevant to your use of the application, such as integration with other systems or usage scenarios we know nothing about as plugins like these are often used with an API for a businesses own purposes.

    But a point that is probably more relevant is that we would not do this for a plugin in the first place unless it was something that we used ourselves as an important part of our business activities.  In this case I doubt it!  There are hundreds of plugins available on the appstore and we only use a fraction of them internally.

    If you feel that this information is still relevant to you, it might be more suitable to reach out to your account manager and discuss your concerns with them, as this community forum may not be the most appropriate platform for requesting such information.

    emoji
Children
No Data