EU-EDPS / website-evidence-collector

Project moved to https://code.europa.eu/EDPS/website-evidence-collector ! The tool Website Evidence Collector (WEC) automates the website evidence collection of storage and transfer of personal data. https://edps.europa.eu/press-publications/edps-inspection-software_en
https://code.europa.eu/EDPS/website-evidence-collector
European Union Public License 1.2
426 stars 73 forks source link

Security questions #86

Closed ZikBurns closed 1 year ago

ZikBurns commented 1 year ago

Hi, I want to use this tool in my organization. For that I need to know more about its security specifications.

What kind of controls have been implemented to secure the tool? Does the tool encrypt or sign data? Is there any vulnerability information available?

rriemann commented 1 year ago

The tool can be installed in an air-gapped network and works in an isolated environment (e.g. Docker).

The output is neither signed nor encrypted. However, both can be done with other tools (such as GPG).

No vulnerability information is available.

Please read the applicable license for more information on liability: https://github.com/EU-EDPS/website-evidence-collector/blob/master/LICENSE.txt