Description
The product security research team is responsible for driving pentesting. The Offering team is responsible for assisting in setting up a testing environment. The Security Architect will act as a liaison and will assist the Offering team in interpreting and triaging findings.
Offerings that must meet SSML tier 2 require pentesting for each major release and for any release that has significant changes in the architecture or code base of the Offering.
Definition of Done
- A penetration test has been completed for the latest major release and after any significant architecture or code change
- The latest penetration test report has been added to https://product-security.pages.redhat.com/offering-registry/offerings/openshift-servicemesh/evidence/penetration_test/