<div>
<div class="content wysiwyg-content">
<a href="https://bitnami.com/stack/mediawiki/installer" rel="ugc">https://bitnami.com/stack/mediawiki/installer</a><br />
<br />
I refer to above tool that our developer wanted to use. &nbsp;Can provide comments on<br />
a) is there a site or source that regularly produce/track for new vulnerabilities for that software<br />
b) are patches being produced regularly : is this considered an Opensource and release of patches is not contractually required?<br />
<br />
If there's no regular patchings, what are the precautions we ought to take? &nbsp;Eg: use it on an air-gap PC without Internet access?
</div>
</div>


https://bitnami.com/stack/mediawiki/installer

I refer to above tool that our developer wanted to use.  Can provide comments on
a) is there a site or source that regularly produce/track for new vulnerabilities for that software
b) are patches being produced regularly : is this considered an Opensource and release of patches is not contractually required?

If there's no regular patchings, what are the precautions we ought to take?  Eg: use it on an air-gap PC without Internet access?

Security concerns on using Mediawiki

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Software is any set of instructions that directs a computer to perform specific tasks or operations. Computer software consists of programs, libraries and related non-executable data (such as documentation). Computer software is non-tangible, contrasted with computer hardware, which is the physical component of computers. Software written in a machine language is known as "machine code". However, in practice, software is usually written in high-level programming languages than machine language. High-level languages are translated into machine language using a compiler or interpreter or a combination of the two.

Software

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

OS Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.