Acct 556 Week 3

Smith and I had a productive software security concerns conversation with Vipul this past Thursday (6/1/17). One of the questions we asked him was if Ebix has some sort of ISO certification like ISO 9126 and found that they do not. Per Vipul, Ebix is CMMI level 5 compliant and explained that this accreditation has more rigorous requirements than ISO certification. Vipul will share a framework document that lists ten security/risk assessment tenets that Ebix follows to build secure web application developer. As we discussed your software exploit findings, he stated that numerous tests were conducted by the Ebix QA team to try and sidestep the VISION authentication process but could not defeat it. This past Thursday, you sent us an email mentioning that you spent some more time last week trying to enter VISION without authenticating and could not gain access to meaningful areas. Based on your testing outcomes and reassurance from Vipul, I believe we are confident that malicious code cannot be injected into VISION without access to an existing user account. This coming Tuesday (6/6/17), Vipul will present a plan that outlines how he will address our security concerns. He will also share a security patch date with us. As the submitter of iTrack ticket 1258, Vipul will work with you and ensure that all our security concerns are addressed satisfactorily. …show more content…
He went on to mention that Ebix usually only takes this step once the software is deemed as finished. VISION was deployed over a year and a half ago and we still have numerous phases left, so we suggested that this might be an appropriate juncture to have an external auditor review VISION, particularly, since we have found vulnerable