...

Mongoose Library
security best practices

Mongoose repository runs a continuous integration test powered by GitHub, which runs through hundreds of unit tests on every commit to the repository. Our unit tests are built with modern address sanitizer technologies, which help to find security vulnerabilities early
Mongoose repository is integrated into Google's oss-fuzz continuous fuzzer which scans for potential vulnerabilities continuously
We receive periodic vulnerability reports from the independent security groups like Cisco Talos, Microsoft Security Response Center, MITRE Corporation, Compass Security and others. In case of the vulnerability found, we act according to the industry best practice: hold on to the publication, fix the software and notify all our customers that have an appropriate subscription
Some of our customers (for example NASA) have specific security requirements and run independent security audits, of which we get notified and in case of any issue, act similar to (3)