[jboss-user] [Beginner's Corner] - Re: JBOSS7: ASV Scan Report Attestation of Scan Compliance

Peter Johnson [https://community.jboss.org/people/peterj] created the discussion "Re: JBOSS7: ASV Scan Report Attestation of Scan Compliance" To view the discussion, visit: https://community.jboss.org/message/739433#739433 -------------------------------------------------------------- You are using a community release. Community releases are "developer friendly". About the only security-related consideration for community edition is that  by default it connects to localhost, thus it will accept only traffic from that same PC. If you change that, then *you have to lock it down*. So the fact that there are security alerts is expected for a community release. The EAP releases, on the other hand, are locked down out-of-the-box. If a security scanner find problems with that, then I suspect the EAP team would want to hear about it . -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/739433#739433] Start a new discussion in Beginner's Corner at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&...]